The 3 Types Of Security Controls (Expert Explains) | PurpleSec

Security controls play a foundational role in shaping the actions cyber security professionals take to protect an organization.

There are three main types of IT security controls including technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent. Controls are also used to protect people as is the case with social engineering awareness training or policies.

What Is A Security Control?

Security controls are countermeasures or safeguards used to reduce the chances that a threat will exploit a vulnerability.

For example, implementing company-wide security awareness training to minimize the risk of a social engineering attack on your network, people, and information systems.

Video Chapters
00:00 - Introduction
00:40 - What Is A Security Control?
01:38 - What Are The Goals Of Security Controls?
04:10 - Understanding The Basics Of Risk & Threats
05:59 - Technical Controls
07:20 - Administrative Controls
09:29 - Physical Controls
10:01 - Preventative Controls
11:26 - Detective Controls
13:22 - Corrective Controls
14:02 - Deterrent Controls
15:00 - Compensating Controls
16:08 - Performing A Security Control Assessment

About The Author
Michael Swanagan, CISSP, CISA, CISM

Resources & Links
What Is Cyber Security?

50 Free Information & Cyber Security Policy Templates


► If you need help securing your business from cyber attacks then feel free to reach out:

►Find us on Pinterest:

#securitycontrols #cybersecurity #expertexplains
Be the first to comment