Information Security Controls Frequently Asked Questions (FAQ)
Posted on Tuesday, March 6th, 2018 by

Security Controls in a Nutshell: Improve Your Organization’s Security Maturity

Now more than ever, organizations need to strengthen their defenses to protect their critical data assets against security incidents and data breaches. Security controls are frequently cited as effective safeguards or countermeasures to avoid, detect, counteract or minimize security risks to a company's assets. Depending on the industry you operate in, your organization may be subject to a specific set of information security controls, such as PCI DSS for payment processors or NIST for federal agencies in the United States, or to more broadly applicable security control frameworks such as the 20 CIS Critical Security Controls or ISO 27001.

We’ve gathered a collection of the most frequently asked questions around security controls that may help your organization identify the types of controls that will be most helpful to improve your security maturity, achieve compliance and strengthen your defenses against data breaches and security incidents.


Which security control framework should I implement?

What's the difference between security control frameworks? While many organizations are aware of security control frameworks in general, only a few actually know which ones they should adopt and implement in order to improve their security maturity. Our blog article "NIST, CIS/SANS 20, ISO 27001 – Simplifying Security Control Assessments" was written with precisely this challenge in mind. It outlines the most commonly known security control frameworks and recommends which framework makes sense for your organization, depending on your industry, business objectives and level of security maturity. If you're looking to conduct a control assessment, the article may provide helpful information on where to start.


How can security controls help secure my organization?

The primary objective of security controls is to help organizations manage their risk and protect their critical data assets from intrusions, security incidents and data loss. If you're wondering how exactly security controls can help secure your organization, check out this blog article, which explains each of the 20 security controls recommended by the Center for Internet Security (CIS) and provides detailed examples of how they can help organizations reduce their risk, strengthen their security posture and lower operational costs.


Why aren’t more organizations using security controls?

Despite the obvious benefits of implementing controls (see above), many organizations are still hesitant to take the leap. Why is that? What challenges may organizations face? And is it better to implement controls yourself or to outsource the project to an external provider? We've compiled an article about the numerous obstacles companies face in deploying cybersecurity frameworks. This post will help you understand the challenges you may encounter and what you can do to overcome them.


How can I measure the effectiveness of my security controls?

Although organizations are starting to implement security controls, many are still at a loss when it comes to measuring their effectiveness. Too often, they rely on good old Excel spreadsheets to document which controls they've implemented – spreadsheets that require manual updating and a lot of time. Instead, what organizations need is a cybersecurity analytics tool that provides an at-a-glance overview of how well your security controls are working and how they affect your security maturity overall. In our blog article "How to Measure Controls Effectively", we talk about how you can track controls to understand your current security posture, see it evolve over time and lower your cybersecurity risk in line with your business objectives.


If you would like to learn more about security controls and about which controls tend to be most useful for effective cyber defense, check out our webinar, hosted in collaboration with the SANS Institute, "Managing the CIS Critical Security Controls within Your Enterprise".

Katharina Gerberding
About author:
Katharina Gerberding is the Marketing Manager, Content Strategy at Hitachi Systems Security in Montreal, Quebec, Canada. In her current role, she is responsible for developing impactful content marketing strategies to strengthen the organization's brand recognition, support sales efforts, and help raise awareness of cybersecurity across the globe. Katharina graduated with a Master's degree in Cross-Cultural Communication and Business Management from Newcastle University, U.K., and obtained a dual Bachelor's degree in Multilingual Communication and Linguistics from Cologne University of Applied Sciences, Germany, and Northumbria University, U.K. Since 2012, she has been a member of the sponsorship committee of the humanitarian mission "Sainte-Justine at the Heart of the World", which facilitates knowledge exchange in pediatric cardiology for children around the world. Katharina is passionate about communications, cross-culturalism and holistic living, and can be found exploring the many restaurants of Montreal in her free time.
