Problem
Information security controls are safeguards or countermeasures to reduce information security risks, such as data theft. These security controls are intended to help protect the availability, confidentiality, and integrity of data and the network. Information security controls can be classified into three different categories, as follows:
1. Administrative or managerial controls: These include governance, policies, and procedures (e.g., the account password policy in your company).
2. Technical controls: These include hardware, software, and firmware (e.g., antivirus software being required to be installed on your company laptop).
3. Physical controls: These involve people's movements being restricted or monitored (e.g., the security guards at the entrance of your company building).
4. How could each control be used in a company (the company can be either your current company, a company that you previously worked at, or a company where you would like to work)?
5. In your opinion, which of the three controls is the most difficult for companies to implement and manage? Why?