Exploring the Journey of a Cybersecurity Enthusiast: Navigating the World of Security Controls

Fortune Edema
2 min read · Feb 14, 2023

As a cybersecurity enthusiast, I’ve always been drawn to the fascinating world of protecting sensitive information and systems from cyber attacks. And so, my journey towards becoming a certified cybersecurity professional began with a simple morning routine at university.

After completing my daily tasks, I dove into the captivating podcast series “DARKNET DIARIES” by Jack Rhysider, which kept me informed and motivated as I started my course to become ISC2 certified. Today, I’m thrilled to take you along with me on my journey as I delve into the world of “Security Controls.”

But what exactly are Security Controls? In simple terms, they are physical, technical, and administrative mechanisms that act as safeguards to protect the confidentiality, integrity, and availability of an information system and its information. The implementation of security controls, after conducting a thorough risk analysis, helps reduce the risk to an acceptable level.

So, how do these security controls work? There are three main categories:

  1. Physical Controls: This category deals with security controls that are physically implemented using hardware devices, such as badge readers, building architecture, and specific security measures taken by people. These controls help control, direct, or prevent the movement of people and equipment within a specific physical location, such as an office building, factory, or other facility.
  2. Technical Controls (also known as Logical Controls): These security controls are directly implemented in computer systems and networks. They provide automated protection from unauthorized access or misuse, detect security violations, and support security requirements for applications and data. Technical controls can be managed through software or hardware settings.
  3. Administrative Controls (also known as Managerial Controls): These are guidelines, directives, or advisories aimed at the people within an organization. They provide a framework, constraints, and standards for human behaviour, covering the entire scope of the organization’s activities and interactions with external parties and stakeholders.

During my journey, I learned that administrative controls, when properly implemented through systematic training and practice, can be powerful tools for achieving information security. Even the simplest security awareness measures can be effective if a comprehensive risk assessment of technical, human, and environmental threats is conducted and appropriate mitigation and security control options are put in place to protect the security and integrity of an organization’s information.

In conclusion, understanding and implementing security controls is an essential part of a cybersecurity professional’s daily life. I hope this journey was informative and has given you a deeper insight into the world of cybersecurity. Thank you for reading, and until next time!

Written by Fortune Edema

Information Security Associate ISO IEC 27001 || Tech Enthusiast || InfoSec Researcher || Jnr SOC Analyst || Security Awareness || Computer Science Student
