Security controls, according to my textbook are "technical, procedural, and administrative methods used to prevent or, detect and recover from, attacks." The purpose of a security control is to ensure that a threat cannot exploit a known vulnerability in an IT system so that damage is prevented or minimized."
Tutor, can you provide some examples of security controls?
How do you think the CSPM might go about determining which security controls to recommend?