Articles on: Compliance

What are security controls?

Security controls are specific actions, steps, processes or measures that a businesses implements in order to reduce risk, protect data or assets, and meet the requirements outlined by compliance standards. These actions can be digital, such an requiring multi-factor authentication to access company data, or physical, such as installing biometric locks in locations where sensitive information is stored.


There are three main types of controls:


  • Preventive Controls stop security incidents before they happen. Examples include firewalls, multi-factor authentication (MFA), and role-based access controls.
  • Detective Controls identify and alert organisations to security threats. These include intrusion detection systems, security monitoring, and audit logs.
  • Corrective Controls respond to and mitigate incidents after they occur. Examples include incident response plans, backups, and automated remediation tools.


Updated on: 18/02/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!