Security Controls

Jonathan Poland

IT security controls are measures that are implemented in order to reduce security risks. These controls may be identified through security audits or as part of projects and continuous improvement efforts. They can be implemented as a matter of process, procedure, or automation, and are designed to protect against potential security threats or vulnerabilities.

There are many different types of IT security controls that can be implemented, including technical controls such as firewalls and antivirus software, as well as administrative controls such as security policies and employee training programs. These controls are often tailored to the specific needs and risks of an organization, and may be adjusted over time as the security landscape evolves.

Effective IT security controls are essential for protecting an organization’s assets, including sensitive data, systems, and networks. They can help to prevent data breaches, cyber attacks, and other security incidents, and are an important part of any organization’s overall risk management strategy. It is important to regularly review and update IT security controls in order to ensure that they are effective and aligned with the changing needs of the organization. The following are illustrative examples of IT security controls.

Authentication

Employees are required to pass multi-factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.

Training

Employees are trained in defensive computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.

Communication

Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.

Cryptography

Data in storage is encrypted on all devices.

Passwords

Systems perform validation to ensure employees choose strong passwords.

Processes

An IT governance process reviews security incidents on a monthly basis.

Automation

A website places a three-hour freeze on a customer’s account if they get their password wrong five times. This dramatically reduces the potential for brute-force attacks.
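The freeze rule above can be sketched as follows. This is an added example, not code from the original article; it assumes the five failures are consecutive (a successful login resets the count), and the class, function and account names are hypothetical.

```python
import time
from dataclasses import dataclass

MAX_FAILURES = 5               # wrong passwords before the freeze (from the text)
FREEZE_SECONDS = 3 * 60 * 60   # three-hour freeze (from the text)

@dataclass
class _State:
    failures: int = 0
    frozen_until: float = 0.0

class LockoutPolicy:
    """Per-account lockout kept in memory; a real site would persist it."""

    def __init__(self, clock=time.time):
        self._clock = clock    # injectable so tests need not wait three hours
        self._accounts = {}

    def is_frozen(self, account):
        state = self._accounts.get(account)
        return state is not None and self._clock() < state.frozen_until

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'frozen'."""
        state = self._accounts.setdefault(account, _State())
        now = self._clock()
        if now < state.frozen_until:
            return "frozen"    # the password result is ignored while frozen
        if state.frozen_until: # an earlier freeze has expired: start fresh
            state.failures, state.frozen_until = 0, 0.0
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.frozen_until = now + FREEZE_SECONDS
            return "frozen"
        return "denied"

def guesses_evaluated(duration_seconds, interval_seconds=1):
    """Count wrong guesses against one account that are actually checked."""
    now = [0.0]                # simulated clock, in seconds
    policy = LockoutPolicy(clock=lambda: now[0])
    evaluated = 0
    while now[0] < duration_seconds:
        if not policy.is_frozen("alice"):   # "alice" is a constructed account name
            evaluated += 1
        policy.attempt("alice", password_ok=False)
        now[0] += interval_seconds
    return evaluated
```

With one guess per second for 24 hours, `guesses_evaluated(24 * 3600)` shows that only 40 of the 86,400 attempts are checked against the password. The counter is per account, so the freeze also blocks the legitimate owner for its duration and does not by itself limit guesses spread across many accounts.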

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.
