Risk can be mitigated or deterred by the application of security controls. Security controls can generally be categorized as technical, management or operational.
Technical controls are designed to secure networks, IT systems and data. Examples include:
- Security software
- Logical security controls
- System architecture
- Perimeter controls
- Security appliances
These are high-level guidelines, standards and policies that align with the organization’s goals and provide a framework for operational procedures.
These documented processes and procedures are used to reduce vulnerabilities in business functions. They are based on management controls and designed using technical controls.