Key Controls in Cybersecurity Risk Management: Definition & Use

Instructor: Beth Hendricks

Beth holds a master's degree in integrated marketing communications, and has worked in journalism and marketing throughout her career.

Key controls help alleviate risks to business, from the information security department and beyond. In this lesson, you'll learn more about these controls, why they're important and how they help manage activities.

Payroll Control

Samantha is a payroll clerk at the fictional outdoor retailer, Wildlife Superstore. Every two weeks, she is responsible for issuing paychecks to more than 2,000 employees. Each check requires the signatures of two authorized check signers from within the company.

Key controls in a business help manage risks to the company.
key, controls, cybersecurity, risk, management

Having two signatures on each payroll check eliminates the possibility that someone could forge a check, cash it and steal money from the organization. In this way, it is a control that Wildlife Superstore has put into place to minimize a risk to its bottom line.

In addition to payroll, businesses implement all types of controls as safeguards to help mitigate internal and external problems. They may require employees to take mandatory vacation days to separate them from their duties for a period of time. They could request each department submit a budget in order to watch how funds are spent. They might even conduct back-ups as a safeguard against losing important data.

As you can see, controls are exceedingly important. But what are key controls in cybersecurity risk management?

Key Controls Defined

Key controls are the procedures organizations put into place to contain internal risks. Typically you can identify key controls because:

  • They will reduce or eliminate some type of risk.
  • They are regularly tested or audited for effectiveness.
  • They protect some area of the business.
  • They can expose a potential area of failure.

The whole purpose of establishing key controls is to mitigate risk in the business. As you saw in the lesson's opening, a control in the payroll department is different than one which might be put in place in the IT department. Wherever a risk is identified, there may be a varying key control initialized in an effort to protect the business. In information security, key controls might be as simple as antivirus software, firewalls or regular security training.

Once they've been implemented, key controls should be regularly evaluated to be certain that the need for them is still being met and that they are functioning properly. Evaluating the effectiveness of these controls can be achieved by assessing the quality of the implementation on the administrative side. Metrics should also be established and analyzed to ensure that the key controls are doing their job (i.e. the reduction of infected machines after antivirus software is installed).

Controlling Activities

When you're talking about utilizing key controls to regulate activities within information security, there are three primary steps any organization must consider taking:

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 160 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create An Account