IT security controls are actions that are taken as a matter of process, procedure or automation that reduce security risks. They may be identified by security audits or as a part of projects and continuous improvement. The following are illustrative examples of IT security controls.
Authentication: Employees are required to pass multi-factor authentication before gaining access to offices.
Audit Trail: A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.
Training: Employees are trained in defensive computing on an annual basis.
Peer Review: Design changes to a critical system require a secure code review.
Communication: Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.
Incident Management: Any employee who loses an electronic device that has been used for work is required to report an incident immediately.
Cryptography: Data in storage is encrypted on all devices.
Passwords: Systems perform validation to ensure employees choose strong passwords.
Processes: An IT governance process reviews security incidents on a monthly basis.
Automation: A website places a three-hour freeze on a customer's account if they get their password wrong five times. This dramatically reduces the potential for brute-force attacks.
Configuration Management: Changes to firewall rules require an approved change request.
Security Testing: Major system software releases are required to undergo security testing.
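
The Automation control above (a three-hour freeze after five wrong passwords), sketched as an added example that is not from the original page. `LockoutPolicy`, `simulate` and the sample events are hypothetical names and constructed data; time is passed in as seconds so the logic can be replayed offline.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5            # wrong passwords allowed before the freeze
FREEZE_SECONDS = 3 * 3600   # three-hour freeze

@dataclass
class LockoutPolicy:
    """Tracks consecutive failed logins per account (hypothetical helper)."""
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    frozen_until: dict = field(default_factory=dict)  # account -> unfreeze time (s)

    def is_frozen(self, account, now):
        until = self.frozen_until.get(account)
        if until is not None and now >= until:
            # Freeze expired: clear state so the counter starts fresh.
            del self.frozen_until[account]
            self.failures.pop(account, None)
            until = None
        return until is not None

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'frozen' for one login attempt at time `now`."""
        if self.is_frozen(account, now):
            # Checked before the password result is used, so a correct
            # guess made during the freeze is not confirmed to the caller.
            return "frozen"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.frozen_until[account] = now + FREEZE_SECONDS
            return "frozen"
        return "denied"

def simulate(events):
    """Replay (account, password_ok, time) events and return the outcomes."""
    policy = LockoutPolicy()
    return [policy.attempt(a, ok, t) for a, ok, t in events]

# Constructed sample: five wrong passwords, a correct password during the
# freeze, then a correct password once three hours have passed.
SAMPLE = [("alice", False, t) for t in range(5)] + [
    ("alice", True, 60),
    ("alice", True, 4 + FREEZE_SECONDS),
]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

With these two constants, a single account accepts at most five password guesses per three-hour window, which is about 40 guesses per day however fast the requests arrive.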
© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.