Controls
Develop resilience with next-generation information security controls.
With our digital society's ever-growing reliance on data and interconnectivity, it is time to develop resilience with next-generation information security controls.
Information security controls are wide-ranging and can be implemented at every level of the OSI model. There are nearly 100 different categories of controls but, in general terms, they can be grouped into the following:
- Directive (Policies etc.)
- Preventative (Reduce the likelihood of a security event)
- Detective (Identify when a security event has occurred)
- Corrective (Correct errors, omissions or malicious acts once they are detected)
- Recovery (Associated with business continuity or disaster recovery; reduces the impact of a security event)
Whichever category they fall into, the purpose of an information security control is to preserve the confidentiality, integrity and availability of data, and reduce risk to a level that is acceptable to the organisation.
Preserving the confidentiality, integrity and availability of data
Confidentiality is all about securing data and keeping it away from those who should not be accessing it. Confidentiality is sometimes mandated by regulations or standards due to the sensitivity of the data in question. Controls that could fall into this category include:
- Encryption
- Secure data transfer methods
- Identity and Access Management
- Multi-Factor Authentication
- Security awareness training
- Application management
Integrity is all about change control for data, ensuring that no unauthorised modifications take place without the knowledge and consent of the data owner. Controls that fit into this category could be:
- File integrity monitoring
- Malware protection
- Intrusion detection system
- Logging and monitoring
- Secure coding practices
Availability is all about authorised users being able to access and use data whenever they need it. This has clear links to business continuity and disaster recovery. Controls that fall into this category could be:
- Data Loss Prevention
- Intrusion prevention system
- Backups
- Vulnerability and patch management
- Cloud adoption
The above lists are not restrictive, as it is not always simple to place a control in just one of the above three pillars of security. Security events often have a wide variety of impacts due to the aggressive or transitional nature of an attack. As such, controls equally have to span one or more categories in order to be effective.
Evaluating information security controls
Information security control objectives should complement those of the organisation, using controls to securely enable business processes rather than hindering them.
Information security controls should be evaluated in conjunction with the following:
- Legislative constraints or requirements
- Regulatory constraints or requirements
- Organisational constraints or requirements
- Operational constraints or requirements
- Cost vs risk reduction
- Cost of implementation and monitoring vs cost of loss from an incident