> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/google-cybersecurity-professional-cert/5.-assets-threats-and-vulnerabilities/module-2/safeguard-information/security-controls.md).

# Security controls

#### The Pareto-Optimized, ADHD-Friendly Breakdown:

**Why Security Controls Matter**

In a world swimming in data, organizations must protect it from theft and exposure. Security controls are the tools and processes that reduce risks before, during, and after security events. They are the backbone of cybersecurity, ensuring sensitive information stays safe.

***

**The Big Three: Types of Security Controls**

1. **Technical Controls**
   * The tech that protects data: encryption, authentication, firewalls.
   * Think: The digital fortress around your assets.
2. **Operational Controls**
   * Day-to-day actions like awareness training or incident response.
   * Think: The people and processes ensuring security happens every day.
3. **Managerial Controls**
   * Policies, standards, and procedures that guide the other two.
   * Think: The rules of the game ensuring everyone plays smart and safe.

***

**The Role of Information Privacy**

At its core, privacy is about control—deciding who accesses, edits, or shares data. Organizations must balance user trust with security, applying controls that protect data while respecting this "right to choose."

***

**A Real-World Example: Booking a Flight**

* You share personal info (name, email, credit card) with a travel app.
* Security controls ensure:
  * Only necessary employees access your info.
  * Access is temporary and situational.
  * Your credit card isn’t visible to the marketing team.
  * This is **the principle of least privilege** in action.

***

**Key Players in Data Protection**

1. **Data Owners**
   * The decision-makers for who can access, edit, or destroy data.
   * Example: A company’s leadership deciding on intellectual property access.
2. **Data Custodians**
   * Responsible for safely handling, storing, and transporting data.
   * Example: IT systems and employees keeping info secure.

***

**The Big Takeaway**

Data is an asset, and protecting it requires classification, handling, and the right security controls. The **principle of least privilege** ensures access is only granted as needed, and the interplay between owners and custodians keeps everything secure.

Keep this trio—technical, operational, managerial—in your cybersecurity toolbox to reduce risks effectively.
