101: Types of Security Controls

Risk can be mitigated or deterred by the application of security controls. Security controls can generally be categorized as technical, management or operational.

Technical Controls
Technical controls are designed to secure networks, IT systems and data. Examples include:

  • Security software
  • Logical security controls
  • System architecture
  • Perimeter controls
  • Security appliances

Management Controls
These are high-level guidelines, standards and policies that align with the organization’s goals and provide a framework for operational procedures.

Operational Controls
These documented processes and procedures are used to reduce vulnerabilities in business functions. They are based on management controls and designed using technical controls.