27. What are Security Controls?

Security Controls

Security controls are safeguards or countermeasures used to protect the confidentiality, integrity, and availability (CIA) of systems and information.

• Their purpose is to reduce risk to an acceptable level.
• They are of three types:
  • Physical controls
  • Technical controls
  • Administrative controls

Physical Controls

Protect using physical devices, facility design, and staff actions.

Control the movement of people and equipment in a location.

Examples:

• badge readers
• security guards

Technical Controls

Also called logical controls.

Implemented by systems and networks.

Help to:

• prevent unauthorized access
• detect security violations

Examples:

• access control systems
• authentication systems

Administrative Controls

Also called managerial controls are rules, guidelines, and advisories for people in the organization.

Provide:

• frameworks
• constraints

Examples:

• security policies
• awareness training

Key Point

• Physical controls protect places and equipment.
• Technical controls protect systems and data.
• Administrative controls guide people and their actions.