Security controls are the defenses or preventative measures that organizations put in place to keep their users, networks, data, and systems safe from cyber attacks. Think of them as the tools, policies, and processes that deter intruders, identify suspicious activity, and help the organization return to normal operations after an incident.
Put simply, security controls improve overall security posture and reduce risk to an acceptable level.
Security controls exist to:
- Protect sensitive data and critical systems
- Prevent security breaches
- Detect malicious activity
- Respond to cyber incidents quickly
- Minimize organizational risk
Security controls are classified in two ways:
- By function (what they do)
- By type (how they are applied)
By Function: What the Controls Do
1. Preventive Controls
These are designed to stop attacks before they happen.
Examples:
- Firewalls
- Encryption
- Access control policies
- MFA (Multi-Factor Authentication)
2. Detective Controls
These identify and alert when something suspicious occurs.
Examples:
- Intrusion Detection Systems (IDS)
- SIEM alerts
- Log monitoring
- File integrity monitoring
3. Corrective Controls
These fix issues and help restore systems after an attack.
Examples:
- Backups & data restoration
- Patching vulnerabilities
- Antivirus removal tools
By Type: How the Controls Are Applied
1. Administrative Controls
Policies and procedures that guide human behavior.
Examples:
- Security awareness training
- Hiring policies
- Incident response plans
- Standard operating procedures (SOPs)
2. Technical (Logical) Controls
Technology-driven protections.
Examples:
- Firewalls
- IDS/IPS
- Encryption
- Endpoint protection tools
3. Physical Controls
Controls that restrict physical access.
Examples:
- Locks
- Access cards
- CCTV cameras
- Security guards