What are security controls?
Security controls play an important role in shaping the actions taken by cybersecurity professionals to protect an organization. A lack of proper security puts the integrity of content, availability of systems, and confidentiality of data at risk. There are three main types of IT security controls: technical, administrative, and physical.
Security controls are mainly countermeasures that reduce the likelihood that a threat will exploit a specific vulnerability. This act of reducing risk is called risk mitigation. Although it is unlikely that all threats can be stopped all the time, it is still essential to decrease the likelihood of exploitation. This has been explained in detail in Chapter 3, Risk Assessment.
The primary goal when implementing security controls is to prevent and reduce the impact of security threats. The effectiveness of the security controls therefore depends on choosing the right control according to the risk assessment. The type of controls...