Security Control

Measures to Reduce Cyber Risk

What is a Security Control?

A Security Control is any safeguard or countermeasure implemented to protect systems, data, and operations from cyber threats. Security controls are designed to reduce risk by preventing, detecting, or responding to security incidents.

They are typically categorized into Technical Controls, Administrative Controls, and Physical Controls, and are implemented across environments to support frameworks such as NIST SP 800-53 and ISO/IEC 27001. Security controls form the foundation of any organization's Security Posture.

What is a Security Control used for?

Security controls are used to mitigate risks associated with Vulnerabilities, Attack Vectors, and evolving threats such as Malware, Phishing, and Exploits. They help organizations enforce policies, protect Critical Business Assets (CBA), and maintain operational resilience.

Security leaders use controls to implement strategies such as Defense in Depth and Zero Trust, ensuring layered protection and continuous monitoring through tools like SIEM and EDR.

Continue reading

Exploit
Leveraging Vulnerabilities for Unauthorized Access
Governance, Risk, and Compliance (GRC)
Strategic Security Management Framework
Federal Information Security Modernization Act (FISMA)
US Federal Security Compliance Law

Please note!
Any use of this website requires prior agreement to our Terms of Use, Privacy Policy, and Cookie Policy.
If you do not fully agree to all of them, do not use this website.