// THREAT DETECTION AND DATA PRIVACY TERM

Security Control

A security control is any administrative, technical, or physical safeguard used to protect the confidentiality, integrity, and availability of information systems and data from potential threats.

TECHNICAL DEFINITION

A security control is a defined safeguard or countermeasure employed within an organization's cybersecurity architecture to mitigate vulnerabilities and reduce risks to information systems and data assets, often categorized as administrative, technical, or physical, aligning with frameworks like NIST or ISO 27001.

BACKGROUND

The Cybersecurity and Infrastructure Security Agency (CISA), headquartered in Arlington, Virginia, is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

SYNONYMS & ALIASES

  • Safeguard
  • Countermeasure
  • Protection mechanism
  • Control mechanism
  • Security measure
  • Mitigation control

USAGE NOTE

Security controls are essential components of an organization's overall risk management strategy and are often selected and implemented based on specific compliance requirements or risk assessments.

DEVELOPERS

Organizations developing technology related to Security Control.

  • Palo Alto Networks

    Develops a comprehensive platform for enterprise security, including next-generation firewalls, cloud security, and endpoint protection, all focused on enforcing security controls across networks, clouds, and endpoints.

  • CrowdStrike

    A leader in endpoint protection, cloud security, threat intelligence, and identity protection. Their Falcon platform implements critical security controls for endpoint detection and response (EDR), next-gen antivirus (NGAV), and vulnerability management.

  • Microsoft

    Offers a vast suite of security products including Microsoft Defender for Endpoint, Identity, Cloud Apps, and Azure Security Center, providing extensive security controls for identity, data, endpoints, and cloud infrastructure.

  • IBM Security

    Provides a range of security solutions including QRadar SIEM (Security Information and Event Management), identity and access management (IAM), data security, and security services, all designed to help organizations implement and manage security controls.

  • Splunk

    Known for its Security Information and Event Management (SIEM) platform, Splunk Enterprise Security, which enables organizations to monitor, detect, investigate, and respond to security incidents, thereby enforcing and verifying security controls.

  • Tenable

    Specializes in vulnerability management and attack surface management. Their Nessus and Tenable.io platforms provide continuous assessment of security posture, helping organizations identify weaknesses and implement appropriate preventative controls.

  • Okta

    A leading independent provider of Identity and Access Management (IAM) solutions, focusing on secure access for employees and customers. Okta provides foundational security controls for authentication, authorization, and user provisioning.

  • Fortinet

    Develops a broad range of high-performance cybersecurity solutions, including firewalls, secure SD-WAN, endpoint security, and SIEM. Their integrated platform helps enforce network, application, and data security controls.

RELATED TERMS IN DEFENSE & ARCHITECTURE