Cyber Security

Security Controls

By Mark Sharron | Updated 8 March 2024

Jump to topic

What are security controls?

Security controls are a list of actions and measurements that allow an organisation to prioritise their efforts in protecting themselves and their important information against cybersecurity threats and personal data breaches.

Some critical controls have been set out by the National Cyber Security Centre:

  • Inventory of Authorised and Unauthorised Devices
  • Inventory of Authorised and Unauthorised Software
  • Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
  • Continuous Vulnerability Assessment and Remediation
  • Malware Defences
  • Application Software Security
  • Wireless Access Control
  • Data Recovery Capability
  • Security Skills Assessment and Appropriate Training to Fill Gaps
  • Secure Configurations for Network Devices such as Firewalls, Routers and Switches
  • Limitation and Control of Network Ports, Protocols and Services
  • Controlled Use of Administrative Privileges
  • Boundary Defence
  • Maintenance, Monitoring and Analysis of Audit Logs
  • Control Access Based on the Need to Know
  • Account Monitoring and Control
  • Data Protection
  • Incident Response and Management
  • Secure Network Engineering
  • Penetration Tests and Red Team Exercises
complete compliance solution

Want to explore?
Start your free trial.

Sign up for your free trial today and get hands on with all the compliance features that ISMS.online has to offer

Find out more

Streamline your workflow with our new Jira integration! Learn more here.