🔥Day 7 of My Security Journey


Student @GKV.FET BTECH CS UG'26 | Python | C | DSA | AWS.

Security Controls & Gap Analysis

Today’s topic felt like a crash course in “how organizations actually stay secure.” It wasn’t about one tool or one trick, but about the different types of controls and how to figure out where you’re lacking through a gap analysis.


🛡️ Security Control Categories

I learned that security controls come in four broad flavors. Think of them as different layers of armor for an organization:

  1. Technical Controls – Firewalls, encryption, intrusion detection systems. Basically, the tech side of defense.

  2. Managerial Controls – The admin stuff: policies, governance, and planning. (Not glamorous, but without it everything collapses.)

  3. Operational Controls – Day-to-day human-driven processes like training, monitoring, or incident response.

  4. Physical Controls – The real-world locks, guards, CCTV, and access badges. Because hey, stealing a server physically is still a threat!


🔎 Security Control Types

Then there are six basic types of security controls (felt like a menu card of defense tools 🍴):

  • Preventive – Stop attacks before they happen.

  • Deterrent – Make hackers think, “Too much effort, not worth it.”

  • Detective – Catch malicious activities while or just after they happen.

  • Corrective – Fix things and restore normal operations.

  • Compensating – Backup measures when the main control isn’t possible.

  • Directive – Policies, standards, and documentation that guide user behavior.

Reading this gave me a new appreciation of how layered and diverse cybersecurity really is—it’s not just about blocking, it’s about managing risk from every angle.


📊 Gap Analysis – Finding the Weak Spots

The second half of my study was about Gap Analysis—basically asking:
👉 Where are we today? Where do we want to be? And what’s missing in between?

Steps I learned:

  1. Define the scope.

  2. Gather data about the current state.

  3. Identify gaps.

  4. Make a plan to fix them.

There are two main types:

  • Technical Gap Analysis – Focuses on tech infrastructure.

  • Business Gap Analysis – Focuses on processes and operations.

The cool part? Organizations use something called a Plan of Action and Milestones (POA&M) to address these gaps—like a roadmap with deadlines and resources allocated.
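The four steps above as a small runnable sketch, added here as an illustration and not part of the original study material: it compares a target control list with what is in place, treats a gap covered by a compensating control differently from an open one, and turns the result into POA&M rows with due dates. Every control, identifier, priority and deadline window in it is constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Control:
    cid: str       # constructed identifier
    name: str
    category: str  # technical | managerial | operational | physical
    ctype: str     # preventive | detective | corrective | directive | ...
    priority: int  # 1 = fix first (assumed scale)

# Step 1, scope: desired state for one constructed environment.
TARGET = [
    Control("C1", "Disk encryption on laptops", "technical", "preventive", 1),
    Control("C2", "Intrusion detection on server VLAN", "technical", "detective", 1),
    Control("C3", "Acceptable use policy", "managerial", "directive", 3),
    Control("C4", "Incident response runbook", "operational", "corrective", 2),
    Control("C5", "Badge access to server room", "physical", "preventive", 2),
]

# Step 2, current state: control ids found in place today (constructed).
IMPLEMENTED = {"C1", "C3", "K1"}
# K1 ("locked rack + sign-in log") is a compensating control for C5.
COMPENSATES = {"K1": "C5"}
DAYS_BY_PRIORITY = {1: 30, 2: 60, 3: 90}  # assumed remediation windows

def find_gaps(target, implemented, compensates):
    """Step 3: target controls that are missing, marked open or compensated."""
    covered = {compensates[k] for k in implemented if k in compensates}
    return [(c, "compensated" if c.cid in covered else "open")
            for c in target if c.cid not in implemented]

def build_poam(gaps, start):
    """Step 4: one POA&M row per gap, open gaps first, then by priority."""
    rows = []
    for c, status in sorted(gaps, key=lambda g: (g[1] != "open", g[0].priority)):
        # Assumption: a compensated gap gets twice the window, but is still tracked.
        days = DAYS_BY_PRIORITY[c.priority] * (2 if status == "compensated" else 1)
        rows.append({"id": c.cid, "control": c.name, "category": c.category,
                     "status": status, "due": start + timedelta(days=days)})
    return rows

if __name__ == "__main__":
    for row in build_poam(find_gaps(TARGET, IMPLEMENTED, COMPENSATES), date(2025, 1, 1)):
        print(row["due"], row["id"], row["status"], row["category"], row["control"], sep=" | ")
```

The compensated row stays on the plan on purpose: the locked rack lowers the risk, but the badge system is still the target state.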


💭 My Reflection on Day 7

What stood out to me today is that cybersecurity is never “done.” You’re always checking, adjusting, and improving. Security controls give you the tools, but gap analysis makes sure you’re actually using them effectively.

It’s like going to the gym—you can have the best equipment (controls), but without a proper workout plan (gap analysis + POA&M), you won’t make progress.
