Unit 03: Control Controls are a set of procedures and technological measures to ensure secure and efficient operation of information within an organization, both general and application controls for safeguarding information. These control activities are applied throughout an organization. The most important general controls are the measures that control access to computer systems and the information stored or transmitted over telecommunication networks. General controls include administrative measures that restrict employee access to only those processes directly relevant to their duties, thereby limiting the damage an employee can do. IT security is about protecting things that are of value to an organization. Security controls exist to reduce or mitigate the risk to those assets. They include any type of policy, procedure, technique, method, solution, plan, action, or device designed to help accomplish that goal. Recognizable examples include firewalls, surveillance systems, and antivirus software. There are two (02) ways to classify controls in an organization: (01) by type - physical, technical, or administrative - and (02) by function-preventive, detective, and corrective Control Types Physical Controls - Describes anything tangible that's used to prevent or detect unauthorized access to physical areas, systems, or assets. This includes gates, access cards, CCTVs, and motion sensors. Technical Controls - (also known as logical controls) Includes hardware or software mechanisms used to protect assets. Common examples are authentication solutions, firewalls, and antivirus software. Administrative Controls - Refers to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals. These can apply to the hiring and termination of employees, equipment and Internet usage, separation of duties, and auditing. Control Functions Preventive Controls - These is any security measure that is designed to prevent or stop any malicious activity from happening. These can be fences, alarms, and antivirus software. Detective Controls - These is any security measure taken or implemented to detect and alert to unwanted or unauthorized activity in progress or after it has occurred. It can be alerting guards or notifications from a motion sensor. Corrective Controls - Any measures taken to repair damage or restore resources and capabilities following an unauthorized or unwanted activity. This may include rebooting the system, or terminating a process, or quarantining a virus.