Wondering what the various types of controls are in relation to Information Security? Here’s how they break down for the ones we will reference across the website.
Administrative controls are the policies, procedures, guidelines, and disciplinary actions defined by an organization. These items are considered a baseline for any Information Security program as they often define or reference what Technical or Physical controls are implemented.
Technical controls are the tools and systems that help maintain specific configuration, detecting activity, prevent actions, correct issues, deter attackers, or provide compensation to weak points.
Common technical controls include auditing tools, user training, firewalls, Security Incident Event Managers (SIEM), Intrusion Detection Systems (IDS), Instruction Prevention Systems (IPS), antimalware, spam filtering, Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), Multi-Factor Authentication (MFA), Mobile Device Management (MDM), and so forth.
Physical controls are those that control physical access to an asset, resource, or facility. In the Cannabis Industry, these are often developed in conjunction with the Physical Security / Asset Protection teams and include video surveillance (CCTV), access cards, guards, gates, fences, biometrics, locks, lighting, and so forth.
Security controls are a culmination of both Technical controls and Physical controls and are often used interchangeably.
Featured photo from Pexels by George Becker.