What Is Security?
Security refers to the systems and controls, both hardware and software, that protects your company’s assets from getting into the wrong hands, through a breach, leak, or cyber attack. From firewalls to strong password management tools to multi-factor authentication, security practices you implement are designed to prevent hackers and other threats from impacting your organization’s daily functioning and bottom line.

IT Infrastructure
IT infrastructure is the organization of all of the components of your computing system – the hardware, software, Wi-Fi and internet connectivity, firewalls, servers, personal devices, data center and cloud computing environment. The software component includes operating systems, web servers, and antivirus and antimalware software that protect you from cybersecurity attacks.

Network Access
From passwords to firewalls, network access includes any strategies to restrict access to your company’s network and to limit access to tools, apps, and folders to ensure that the right people are accessing the right data. Identity access management (IAM) tools offer strong strategies for ensuring that your network access is secure.

Authentication
Authentication includes any tools that provide assurance over a user’s identity. Two-factor authentication (2FA) or multi-factor authentication (MFA) are tools that strengthen password protections; these tools can include bioinformation, keys, or confirmation of identity through an app on a separate device.

Three Types of Security Controls
There are three core types of security controls: physical, technical (also known as operational), and administrative. Physical controls are security controls like locks, access cards, and bioinformatics like retinal scans which prevent users from accessing hardware and entering premises where servers are housed. Technical controls include operational measures like antimalware and antivirus software, identity and access management controls, and authentication. Administrative controls are the rules and procedures that you have set for using your computing systems and implementing security measures; these are generally set by management and IT governance.