A-Z Popular Blog Security Search »
Information Security
Related Guides
Confidential Information

Related Topics
Cybersecurity Risk

Network Security

40 Examples of Security Controls

 , updated on
IT security controls are actions that are taken as a matter of process, procedure or automation that reduce security risks. They may be identified by security audits or as a part of projects and continuous improvement. The following are common examples of IT security controls.
Security monitoring
Intrusion detection systems
Security policies
Security procedures
Background checks for employees and partners
Security awareness training
Access control policies
Least privilege access
Multi-factor authentication for access
Incident response plans
Security risk assessments
Security infrastructure
Configuration management
Change control
Physical security
Physical perimeter security
Security architecture and landscaping
Secure storage
Visitor management processes
Emergency response plans
Security guards
Alarms and alert systems
Access control systems
Surveillance systems
Segregation of duties
Disaster recovery plans
Security risk assessments
Patch management
Encryption of all data in rest and transit
Secure architecture reviews
Secure code reviews
Control and audit software installations
Monitor and audit remote access
Incident communication and reporting
Threat intelligence gathering
Asset inventory and health checks
Retiring legacy technology
Secure storage of encryption keys
Audit access management events
Compliance reporting


Employees are required to pass multi factor authentication before gaining access to offices.

Audit Trail

A web server records IP addresses and URLs for each access and retains such information for a period of time as an audit trail.


Employees are trained in defensing computing on an annual basis.

Peer Review

Design changes to a critical system require a secure code review.


Employees are prohibited from attaching documents to internal emails as they can easily be misaddressed. Instead, employees send a link to a document management system that offers authentication and authorization.

Incident Management

Any employee who loses an electronic device that has been used for work is required to report an incident immediately.


Data in storage is encrypted on all devices.


Systems perform validation to ensure employees choose strong passwords.


An IT governance process reviews security incidents on a monthly basis.


A website places a three hour freeze on a customer's account if they get their password wrong five times. This dramatically reduces the potential for brute force attacks.

Configuration Management

Changes to firewall rules require an approved change request.

Security Testing

Major system software releases are required to undergo security testing.

Segregation of duties

Segregation of duties is the design of authority such that no one employee can cause an information security incident.
Overview: IT Security Controls
Actions that are taken as a matter of process, procedure or automation that reduce security risks.
Related Concepts
Next: Information Security
More about cybersecurity:
Audit Trail
Canary Trap
Confidential Information
Critical Infrastructure
Cryptographic Keys
Cryptographic Salt
Cybersecurity Risk
Data Breach
Data Remanence
Data Room
Data Security
Deep Magic
Defense In Depth
Digital Identity
Failure Of Imagination
Incident Response
IoT Security
Key Stretching
Network Security
Operations Security
Overlay Network
Password Entropy
Password Fatigue
Proof Of Work
Secure Code Review
Security As A Service
Security Controls
More ...
If you enjoyed this page, please consider bookmarking Simplicable.

Security vs Privacy

The relationship between security and privacy.


An overview of technology hardening.

Deep Magic

An overview of deep magic, a technology term.

Defense In Depth

An overview of defense In depth.

Encryption Examples

A definition of encryption with examples.

Canary Trap

A definition of canary trap with an example.


A definition of honeypot with examples.

Security Through Obscurity

A definition of security through obscurity with an example.


A definition of token with examples.


A definition of backdoor with examples.

Data Backup

Several data backup techniques compared.

Sandbox Definition

An overview of sandboxes. An information security technique.

Strong Password

A few examples of what makes a password strong or weak.

Zero-day Vulnerability

An overview of zero-day vulnerability.

Personal Information

A definition of personal information with examples.


A definition of cybersecurity with examples.

Public Network

A definition of public network with examples.


A definition of sandbox with examples.
The most popular articles on Simplicable in the past day.

New Articles

Recent posts or updates on Simplicable.
Site Map