Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
Concept
Security controls
Summary
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency.
Security controls can be classified by various criteria. For example, controls are occasionally classified by when they act relative to a security breach:
Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders;
During the event, detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police;
After the event, corrective controls are intended to limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible.
Security controls can also be classified according to their characteristics, for example:
Physical controls e.g. fences, doors, locks and fire extinguishers;
Procedural or administrative controls e.g. incident response processes, management oversight, security awareness and training;
Technical or logical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
Legal and regulatory or compliance controls e.g. privacy laws, policies and clauses.
For more information on security controls in computing, see Defense in depth (computing) and Information security
Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Some of the most well known standards are outlined below.
ISO/IEC 27001:2022 was released in October 2022.
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.