ABSTRACT

No matter how large or small an organization, there needs to be a plan to ensure the security of critical ICT assets. Such a plan is called a security program by information security professionals and is facilitated through the selection and implementation of appropriate control mechanisms designed to act as countermeasures for preserving confidentiality, availability, and integrity of all components that make up the organization's ICT infrastructure. Whether the plan is five or two hundred pages long, the process of creating a control-based security program will make organizations think holistically about their security. A security program provides the framework for keeping an organization at a desired security level by assessing the risks it faces, deciding how it will mitigate them, and planning for how to keep the program and security practices up to date.