CONTROL TYPES — Why They Are Important to an Organization’s Information System
Hi there! Today we’re going to talk about security controls. Have you ever locked your diary, hidden your favorite toy somewhere safe, or created a secret code with your friends to keep something private? Well, security controls are kind of like that, but on a much bigger scale.
In our world, there are many things that we want to keep safe and secure. For example, we want to make sure our money is safe in the bank, our personal information is safe when we use the internet, and our schools and hospitals are protected from bad guys who might want to do harm.
When one thinks about cybersecurity professionals and all the data and systems that they are charged with protecting, it makes one wonder what kind of safeguards could possibly be put in place to carry out this task. These safeguards are called controls, and they take several forms, from securing the physical locations of server rooms, to implementing technical controls that keep bad actors out of the network, to writing policies so employees and coworkers can do their part.
SECURITY CONTROLS
Security controls are the physical, technical and administrative mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information. The implementation of controls should reduce risk, hopefully to an acceptable level.
Security controls are the rules and tools that help us keep these things safe. They are like locks and alarms that prevent bad guys from getting in, and they are things like passwords, firewalls, and security cameras that help us detect and stop threats before they cause harm. It’s important to use security controls to keep our world safe and secure, just like we use locks and alarms to keep our own things safe at home.
COMPARING CONTROL TYPES
There is a wide variety of different security controls that are used to mitigate the risk of being attacked; the three main categories are administrative, technical and physical controls. We are going to look at these in more detail; you need to be familiar with each of these controls and when each of them should be applied. Let’s start by looking at the three main controls:
- Administrative controls are like the rules you follow to keep your toy or bicycle safe. For example, you might have a rule that you always put your toy away in a safe place when you’re done playing with it. Similarly, organizations have rules and procedures in place, like security policies, background checks, incident response plans, security awareness training, and risk assessments, to help protect their important information and assets.
- Technical controls are like the special locks and security systems that can be put in place to protect your things. For example, you might have a lock on your bicycle or an alarm system on your house. In the same way, organizations use technology-based solutions, like firewalls, intrusion detection systems, encryption, access controls and antivirus software, to protect their computer systems and networks.
- Physical controls are like the physical barriers that can be used to protect your things. For example, you might keep your toy in a locked box, or park your bicycle in a bike rack. Similarly, organizations use physical measures, like security cameras, locks, and alarms, to protect their physical assets, like buildings and equipment.
These three categories of control types work together to create a layered defense against security threats. Administrative controls set the policies and procedures for how security is managed, technical controls provide technology-based protection against threats, and physical controls protect the organization’s physical assets.
Many organizations are improving their overall security posture by integrating their administrative controls into the task-level activities and operational decision processes that their workforce uses throughout the day. This can be done by providing the controls as in-context, ready-reference and advisory resources, or by linking them directly into training activities. These and other techniques bring the policies to a more neutral level and away from the decision-making of only the senior executives. They also make the policies immediate, useful and operational on a daily and per-task basis.
For example, the management of an organization could choose to conduct annual risk assessments of its IT infrastructure, in which the IT team looks at all the risks associated with the IT systems and how to treat and mitigate them. Companies could also conduct vulnerability scans and penetration testing.
There is a wide variety of different security controls that are used within an organization to reduce the risk of being attacked. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or to act as a deterrent. Controls are also used to protect people, as is the case with social engineering awareness training or policies.
The lack of security controls places the confidentiality, integrity, and availability of information at risk. These risks also extend to the safety of people and assets within an organization.
CONCLUSION
In today’s digital age, security is more important than ever before. We use technology for everything from communication to banking to shopping, and we need to be aware of the security risks that come with it. That’s where security controls come in.
Security controls are the tools and measures that we can use to protect our personal and organizational assets from cyber threats. By using a combination of administrative, technical, and physical controls, we can create a layered defense that makes it harder for bad actors to get access to our information and assets.
But the world of cybersecurity is constantly changing, and new threats are always emerging. That’s why it’s important to stay informed and to keep learning about new security tips and best practices. So, stay tuned for more content and security tips, and let’s all work together to keep our digital world safe and secure!