
Wondering what the various types of controls are in relation to Information Security? Here’s how they break down for the ones we will reference across the website.

Administrative Controls

Administrative controls are the policies, procedures, guidelines, and disciplinary actions defined by an organization. These items are considered a baseline for any Information Security program as they often define or reference what Technical or Physical controls are implemented.

Technical Controls

Technical controls are the tools and systems that help maintain specific configurations, detect activity, prevent actions, correct issues, deter attackers, or compensate for weak points.

Common technical controls include auditing tools, user training, firewalls, Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), antimalware, spam filtering, Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), Multi-Factor Authentication (MFA), Mobile Device Management (MDM), and so forth.

Physical Controls

Physical controls are those that control physical access to an asset, resource, or facility. In the Cannabis Industry, these are often developed in conjunction with the Physical Security / Asset Protection teams and include video surveillance (CCTV), access cards, guards, gates, fences, biometrics, locks, lighting, and so forth.

Security Controls

Security controls are a combination of both Technical controls and Physical controls, and the terms are often used interchangeably.

Featured photo from Pexels by George Becker. 

Chris works as an Information Security professional in the Cannabis industry. They have over 20 years of experience in IT and work to share threat intel and mentor the next generation.
