A measure that reduces risk, by modifying a threat, a vulnerability, or the impact of an incident.
A control is any safeguard or countermeasure that lowers risk. Controls can be technical (such as encryption), organizational (such as a policy), physical (such as a locked door), or people-related (such as training).
Controls are often described as preventive, detective, or corrective, depending on whether they stop an incident, detect it, or limit its damage. ISO/IEC 27001 Annex A is a widely used reference catalogue of controls.
Related frameworks