What are security controls?
Security controls are a list of actions and measurements that allow an organisation to prioritise their efforts in protecting themselves and their important information against cybersecurity threats and personal data breaches.
Some critical controls have been set out by the National Cyber Security Centre:
- Inventory of Authorised and Unauthorised Devices
- Inventory of Authorised and Unauthorised Software
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- Continuous Vulnerability Assessment and Remediation
- Malware Defences
- Application Software Security
- Wireless Access Control
- Data Recovery Capability
- Security Skills Assessment and Appropriate Training to Fill Gaps
- Secure Configurations for Network Devices such as Firewalls, Routers and Switches
- Limitation and Control of Network Ports, Protocols and Services
- Controlled Use of Administrative Privileges
- Boundary Defence
- Maintenance, Monitoring and Analysis of Audit Logs
- Control Access Based on the Need to Know
- Account Monitoring and Control
- Data Protection
- Incident Response and Management
- Secure Network Engineering
- Penetration Tests and Red Team Exercises