What is a Security Control?
A Security Control is any safeguard or countermeasure implemented to protect systems, data, and operations from cyber threats. Security controls are designed to reduce risk by preventing, detecting, or responding to security incidents.
They are typically categorized into Technical Controls, Administrative Controls, and Physical Controls, and are implemented across environments to support frameworks such as NIST SP 800-53 and ISO/IEC 27001. Security controls form the foundation of any organization's Security Posture.
What is a Security Control used for?
Security controls are used to mitigate risks associated with Vulnerabilities, Attack Vectors, and evolving threats such as Malware, Phishing, and Exploits. They help organizations enforce policies, protect Critical Business Assets (CBA), and maintain operational resilience.
Security leaders use controls to implement strategies such as Defense in Depth and Zero Trust, which provide layered protection and continuous monitoring through tools like SIEM and EDR.