In the third chapter of our series on the five key components of an effective cybersecurity management program, we take a deeper dive into the process of implementing cybersecurity controls and provide an overview of some leading cybersecurity control standards.
What are cybersecurity controls?
Cybersecurity controls are the safeguards or countermeasures an organization implements to protect itself from an incident that may compromise electronic information. In cybersecurity terms, a compromise of electronic information is any event that reduces the confidentiality, integrity, or availability of that information. In a rapidly evolving technology and threat landscape, the conventional wisdom is that any organization can and will suffer a security incident; it is a matter of when, not if. That premise is what makes the strategic and effective implementation of cybersecurity controls so important.
Cybersecurity controls come in several types. Some are preventive; some are detective. Some are automated, configurable technical safeguards; some are manual procedures. Through an effective balance of controls across people, process, governance, and technology, an organization not only improves its ability to defend against a compromise but also improves its ability to detect one when it happens, while limiting its exposure and impact.
Cybersecurity controls may:
- Prevent – These are the activities an organization performs to make it harder for an attacker to compromise its systems, such as vulnerability testing and remediation, server hardening, network segmentation, password hygiene, and user access provisioning controls.
- Detect – These controls are the activities an organization performs to discover security incidents in progress and alert cybersecurity support personnel. Detective controls may include reviews of firewall and server logs, intrusion detection system (IDS) logs, and changes to system configurations.
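
As an added illustration of the detective controls just listed (this is example code, not part of the original article), the following Python checks two of those signals over constructed sample data: repeated failed SSH logins from a single source within a short window, parsed from syslog-style auth log lines, and drift in monitored configuration files, found by comparing SHA-256 hashes against a recorded baseline. The log lines, file contents, hostnames, threshold and window are all constructed for the example.

```python
"""Added example of two detective controls: failed-login burst detection over
auth log lines, and configuration-drift detection against a hash baseline.
All inputs below are constructed for illustration; none are real captures."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log (RFC 3164 syslog timestamps, no year).
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:01 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 12 03:14:03 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Jan 12 03:14:05 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jan 12 03:14:06 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51125 ssh2
Jan 12 03:14:08 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan 12 03:14:09 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2
Jan 12 03:40:00 web01 sshd[2212]: Failed password for alice from 198.51.100.20 port 40013 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; the year is an assumption for the example."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)):
    """Return (src_ip, first_seen, last_seen, count) for every source that
    produced at least `threshold` failed logins inside a sliding `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m["src"]].append(parse_ts(m["ts"]))
    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it fits
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, times[start], times[end], end - start + 1))
                break  # one alert per source is enough for this example
    return alerts


def baseline(files: dict) -> dict:
    """Record the SHA-256 of each monitored config file (the known-good state)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def detect_config_changes(baseline_hashes: dict, current_files: dict) -> dict:
    """Compare the current file contents with the baseline and report drift."""
    changed, missing = [], []
    for path, digest in baseline_hashes.items():
        if path not in current_files:
            missing.append(path)
        elif hashlib.sha256(current_files[path]).hexdigest() != digest:
            changed.append(path)
    added = [p for p in current_files if p not in baseline_hashes]
    return {"changed": changed, "missing": missing, "added": added}


# Constructed config snapshots: a hardened baseline and a later, tampered state.
KNOWN_GOOD = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL:ALL) ALL\n",
}
CURRENT_STATE = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL:ALL) ALL\n",
    "/etc/cron.d/persist": b"* * * * * root /tmp/.x\n",
}

if __name__ == "__main__":
    for src, first, last, n in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f"ALERT: {n} failed logins from {src} between "
              f"{first:%H:%M:%S} and {last:%H:%M:%S}")
    print("config drift:", detect_config_changes(baseline(KNOWN_GOOD), CURRENT_STATE))
```

On the sample data the first check alerts on 203.0.113.7 (five failures in seven seconds) and ignores the single failure from 198.51.100.20, and the second reports the changed sshd_config and the added cron file. Two practical caveats: the threshold and window need tuning to the environment or the control produces either noise or nothing, and a hash baseline is only a detective control if it is stored where the same attacker who edits the config cannot also rewrite the baseline.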
