Security controls or security measures are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency.

Security controls are to help reduce the likelihood or any impacts of security incidents and protect the CIA triad for the systems and the data. While protecting it helps organizations meet its responsibilities; consistent risk management to systems, assets, data, networks and physical infrastructures.

Security controls can be classified by various criteria. One approach is to classify controls by how/when/where they act relative to a security breach, sometimes termed as control types:

Security controls can also be classified according to the implementation of the control (sometimes termed control categories), for example:

These classifications help organizations build a well designed multi-layered defense strategy, ensuring that they layers help control and prevent when threats are being taken placed.

Security controls include both technical controls (such as access management and fire walls) and administrative controls (including policies and procedures).

Effective controls testing and verification process allows: