A company has many ways to control and secure its assets, including employees, data, and physical buildings and structures. First and foremost, a company can use perimeter controls, which protect it from external attacks or intrusions. There are many types of perimeter controls that a business, individual, or organization can have in place. Security measures such as a fence, security guards, or something as familiar as locks can be implemented. A popular perimeter control for protecting physical assets is cameras. Cameras not only allow remote security and peace of mind but, if properly installed, can also provide integrated alerts, facial recognition, and more. A firewall is another common and popular perimeter control because, if set up correctly, it blocks unauthorized users from accessing the company's network. According to sciencedirect.com, “Firewalls are a perimeter security device that limits the ingress and egress of data and connections, primarily based on the network services.”
Internal controls are another measure a company or business can have in place. Internal controls protect a company's assets internally, usually by preventing false accounting, manipulation, or fraudulent employee activity in general. According to reciprocitylabs.com, “There are three main types of internal controls: detective, preventative, and corrective.” Detective internal controls involve audits, financial reporting, or other related controls. Preventative controls are set in place to prevent fraudulent attempts or minimize the chance of a dishonest effort happening. An example of this could include having two or more employees in a company perform accounting tasks. Finally, corrective internal controls are used after detective internal controls discover an issue or fraudulent occurrence.
A layered approach to overall security constitutes a defense-in-depth strategy. According to imperva.com, “Defense-in-depth is an information assurance strategy that provides multiple, redundant defensive measures in case a security control fails or a vulnerability is exploited.” This means that a company has enough perimeter security and internal security to function correctly and maintain proper protection for its assets, with redundancy in place.
According to bakertilly.com, “To verify the effectiveness of security configuration, all organizations should conduct vulnerability assessments and penetration testing.” A company or organization must also keep its security measures up to date, especially given the constant advancement of breaches. To do this, vulnerability assessments and penetration assessments should be re-evaluated regularly.
References
Monitoring and verifying cybersecurity controls effectiveness. (n.d.). Baker Tilly. https://www.bakertilly.com/insights/monitoring-and-verifying-cybersecurity-controls-effectiveness/
Perimeter Security - an overview | ScienceDirect Topics. (n.d.). ScienceDirect.Com. https://www.sciencedirect.com/topics/computer-science/perimeter-security
What are the 3 Types of Internal Controls? (n.d.). Reciprocity. https://reciprocitylabs.com/resources/what-are-the-3-types-of-internal-controls/
What is Defense in Depth | Benefits of Layered Security | Imperva. (2019, December 29). Learning Center. https://www.imperva.com/learn/application-security/defense-in-depth/