[Jessica Jagerson]

Discuss the types of controls a company could implement to help secure a company’s net.

[Teisha Nolen]

When it comes to securing a company’s network, layered controls are essential. I have seen in my career how combining technical, administrative, and physical safeguards creates a resilient defense. Technical controls like firewalls, intrusion prevention systems, and multi-factor authentication help block unauthorized access and detect threats in real-time. Encryption tools like BitLocker are especially valuable as they protect data at rest by securing entire drives, which is critical for laptops and mobile devices.
Administrative controls guide behavior – security policies, user training, and role-based access ensure that people understand their responsibilities and only access what they need. Implementing user access controls based on least privilege reduces risk and limits exposure should credentials be compromised.
Physical controls like locked server rooms and badge access prevent unauthorized entry to hardware. Together, these controls form a defense-in-depth strategy. No single measure is enough, but when layered intentionally, they reduce risk, anticipate failure, and support business continuity. That’s the kind of security posture organizations need to thrive.

[Mjulius513]

I agree that using layered security controls is the best way to protect a company’s network. Technical tools like firewalls and encryption keep data safe, while administrative controls and training help people use systems responsibly. Physical security adds another layer of protection. Together, these layers create a strong defense that reduces risk, prevents attacks, and keeps business systems running smoothly.

[Trae Johnson]

You’ve outlined an excellent model for network security with an emphasis on layered controls. I agree technical, administrative, and physical controls, when combined, offer a solid, secure barrier. Technical controls like firewalls, intrusion prevention systems, multi-factor authentication, and encryption prevent malicious actors from unauthorized access and encrypt sensitive data. Administrative controls like policy, training, and role-based access inform users of their responsibilities and limit exposure if their credentials are compromised. Physical controls such as locked server rooms and badge access add another layer of security. All of these are collectively elements of a defense-in-depth strategy that reduces risk, prevents expected failures, and assists in ensuring business continuity—just the type of security posture organizations need to have.

[Misty Stewart]

To keep a company’s network safe, organizations use several layers of protection. First, physical controls mean locking up important equipment like servers and routers, using security cameras, and limiting who can enter certain areas. Technical controls include things like firewalls, antivirus programs, and systems that watch for suspicious activity. These tools help protect data whether it’s being sent or stored. Companies also divide their networks and set rules so people can only access what they need. Finally, administrative controls are about having good policies, such as regular security training for staff, plans for handling security incidents, and making sure users prove who they are, often with extra steps like multi-factor authentication. Using all these methods together helps reduce risks and keeps out hackers and other threats.

[Teisha Nolen]

Hi Misty! Great job on your post! You’ve effectively captured the essence of layered security. Combining physical, technical, and administrative controls creates a strong defense-in-depth strategy that is crucial in business today. I agree with the emphasis on user access restrictions and multi-factor authentication. These are essential for minimizing insider threats and ensuring only authorized personnel can access sensitive systems and data.

[Caleb Kiser]

Hi Misty,

Great explanation! You did a nice job outlining how physical, technical, and administrative controls all work together to protect a company’s network. I especially appreciate how you mentioned multi-factor authentication and staff training, as these human-focused measures are often overlooked but make a significant difference in overall security.

[Trae Johnson]

Organizations can implement different types of controls that function in combination with one another to secure data, systems, and users. The three broad categories are administrative, technical, and physical controls.

Administrative controls are policies, procedures, and training that govern how employees use and protect company assets. They include security awareness training, access control policies, and incident response plans. By educating employees to recognize phishing attempts and having robust password and access management policies, organizations reduce the human threats that are most often the cause of breaches.

Technical controls protect systems and networks by using technology. A few of them include firewalls, intrusion detection and prevention systems (IDS/IPS), antivirus software, and encryption. Multi-factor authentication (MFA) and network segmentation are also critical, ensuring that even if a section is compromised, the rest of the network is protected.

Physical controls protect the company’s hardware and infrastructure. They consist of locked computer rooms, security cameras, and access badges to prevent unauthorized physical access to important equipment. When combined together through company policies, secure technology, and physical security, these controls create a layered defense strategy known as defense in depth that greatly improves a company’s overall security posture.

[Addison West]

That is an excellent explanation of the different types of security controls. You did a great job clearly describing each category and showing how they all work together to protect an organization. I like how you pointed out that administrative controls focus on people and policies, technical controls rely on technology, and physical controls deal with securing the actual equipment and buildings. Your mention of defense in depth was also a strong point because it highlights how combining these layers creates a much stronger and more complete security system. Overall, your response shows a deep understanding of how organizations can protect their data and systems from many different types of threats.

[Mjulius513]

When I was working at AWS, keeping the network secure was always a top priority. We used different types of controls to protect data and systems. Physical controls included locked server rooms, security badges, and cameras to prevent unauthorized access. Technical controls like firewalls, encryption, multi-factor authentication (MFA), and antivirus software helped block hackers and keep information safe. We also had administrative controls, such as password policies, access limits, and regular employee training to make sure everyone followed security rules. Monitoring tools were used to watch network activity and quickly detect any unusual behavior. We regularly made backups and had incident response plans in case of a security breach. Access controls made sure only the right people could reach certain systems or data. By using all these layers of protection together, AWS created a strong and secure network environment that kept both company and customer data safe at all times.

[Misty Stewart]

Your experience at AWS highlights how comprehensive network security really is. I appreciate how you broke down the different types of controls physical, technical, and administrative and explained their roles in protecting data and systems. It’s clear that relying on just one layer isn’t enough; combining things like locked server rooms, firewalls, MFA, and employee training creates a much stronger defense. I also like that you mentioned monitoring and incident response plans, since being able to quickly detect and respond to threats is just as important as prevention. Overall, your example shows how a layered approach helps organizations like AWS maintain a secure environment for both company and customer data.

[Caleb Kiser]

There are a lot of ways a company can protect its network and keep information safe. One of the first steps is putting clear rules and policies in place, like who is allowed to access certain systems and how employees should handle sensitive data. On the technical side, tools like firewalls, antivirus programs, and intrusion detection systems help block hackers and suspicious activity. Physical security matters too, keeping servers locked up and limiting who can get into certain areas can make a big difference. Things like encryption and multi-factor authentication add extra layers of protection, making it harder for anyone unauthorized to get in. It is also important to keep systems updated, use strong passwords, and regularly monitor the network for unusual activity. When a company combines all these things, it creates a much stronger defense against any potential threats.

[Derrick Adams]

Caleb,
Nice work on this assignment. When the three layers administrative, technical, and physical work together, security becomes part of the routine instead of a constant fire drill. Your post is a excellent reminder that most wins come from simple practices done consistently.

[Addison West]

That’s a great explanation of how companies can protect their networks and information. I really like how you covered all the main areas of security, including administrative, technical, and physical controls. You did a nice job explaining that it’s not just about having strong technology, but also about setting clear rules and training employees to handle data safely. Mentioning tools like firewalls, antivirus software, and intrusion detection systems shows that you understand how technology helps defend against hackers. I also liked how you pointed out the importance of physical security, because many people forget that protecting access to equipment is just as important as protecting the data itself. Your mention of encryption, multi-factor authentication, and regular updates shows a strong understanding of how to keep systems secure over time. Overall, your response gives a complete and thoughtful picture of what it takes to keep a company’s network safe.

[Derrick Adams]

A company secures its network by layering administrative, technical, and physical controls—defense in depth.
Administrative (policy) controls set the rules: an acceptable-use policy, least-privilege access standards, change management, vendor and remote-access rules, and an incident-response plan with the 3-2-1 backup rule. Security awareness training and phishing drills keep people from being the weak link.
Technical controls enforce those rules. Start with identity and access management: strong passwords, MFA, role-based access, and regular account reviews. Segment the network (user, server, and management VLANs), restrict traffic with firewalls, and use secure configurations on routers and switches. Add endpoint protection and patch management. Use encryption for data in transit (TLS/VPN) and at rest. Deploy IDS/IPS, DNS filtering, and email security to block malware and command-and-control. Centralize logs in a SIEM for monitoring, alerting, and compliance. Run vulnerability scans and periodic pen tests, then fix findings.
Physical controls protect the gear: locked rooms and racks, badges, cameras, and environmental sensors.
Together, these preventive, detective, and corrective controls reduce risk, limit blast radius, and give the team what it needs to respond quickly when something goes wrong.

[Mjulius513]

Hey, I agree that layering administrative, technical, and physical controls is the best way to secure a network. Policies guide behavior, technical tools enforce security, and physical controls protect hardware. Together, they create strong protection against threats. Regular training, patching, and monitoring help keep systems safe and ready to respond if something goes wrong.

[Addison West]

There are different types of controls a company can use to keep its network safe and protect its information. These controls are called physical controls, technical controls, and administrative controls. Each type helps protect the company in a different way. Physical controls are things that protect the equipment, like computers and servers. Examples include locked doors, cameras, ID badges, and alarms. These help stop people who are not allowed from getting near important devices or data. Technical controls are tools and programs that protect the network digitally. Firewalls, antivirus software, encryption, and strong passwords are common examples. Firewalls block bad traffic from entering the network, antivirus software removes harmful viruses, and encryption keeps information private by turning it into a secret code that only approved users can read. Companies can also use multi-factor authentication, which means people must verify their identity in more than one way before logging in. Administrative controls are rules and policies that teach employees how to keep the network safe. These include training sessions, password policies, and steps to follow when handling customer information. Employees are often the first line of defense, so teaching them to recognize threats like phishing emails is very important. When all three types of controls, physical, technical, and administrative, are used together, they create a strong defense system. This combination helps protect a company’s data, devices, and people from hackers, viruses, and other cyber risks.

[Carlos Martes]

Great post Addison,
A company can use different controls to keep its network safe, First are administrative controls, like security policies, employee training and rules about passwords or access. These guide people on how to protect company data. Then there are technical controls, such as firewalls, antivirus software, encryption, and intrusion detection systems. These protect the network from hackers and malware. Lastly, physical controls include locked server rooms, security cameras and ID badge access to keep equipment secure. Using all three types of controls together builds a strong protection for the company’s network and keeps data safe from both sides and outside threats.

[Carlos Martes]

When securing a company’s network, implementing multiple layers of controls is key. Administrative controls include security policies, employee training, and access management procedures. These define how users and systems should behave to protect company data. Technical controls involve firewall, intrusion detection systems, antivirus software and encryption, which safeguard digital assets from unauthorized access and cyber threats. Physical controls such as locked server rooms, surveillance cameras, and restricted access protect hardware and infrastructure. Companies can also use network segmentation to isolate sensitive data reducing exposure if breach occurs. Regular audits, vulnerability assessments, and timely updates further strengthen security. Altogether, combining administrative, technical and physical controls creates a strong defense system, to ensure the company’s network remains secure and resilient against both internal and external threats.

[Isabelle Tubbs]

Hi, Carlos. Great work presenting potential controls that a company could use for their overall security. One thing you mentioned that I did not was employee training. Training employees to be responsible when being on the system and sharing data is extremely important. Taking time to let them know of best practices can protect the system more in the future.

[Isabelle Tubbs]

When securing a company’s network, there are different aspects that need to be covered. First, physical controls must be implemented. Putting locks, guards, and sensors in place can prevent an intruder from entering. Additionally, creating physical controls against natural occurrences should be incorporated. Installing fire alarms or backup power can help protect a network.

Next, software controls must be created to stop hackers from gaining any sort of access to the system. Putting in firewalls and running security scans can make sure everything on the system is up to date and that no unwanted guests come on the system. Some other measures to include are encryption of data, security updates, and user account control.

To create a good security system, there naturally needs to be several protective controls put in place so that the system can be protected from different types of attacks. Otherwise, the system will be amazing at protecting one type of attack while also being vulnerable to another type. Therefore, using a combination of the measures listed as well as other measures is best.

[Trae Johnson]

I would agree that effective protection includes physical as well as software controls employed in combination. Physical controls like locks, guards, and fire alarms bar unauthorized access and protect against environmental hazards, whereas software controls like firewalls, encryption, and security patches protect against cyber attacks. I also like your insistence on layered security—protecting only one layer of protection leaves the system open to vulnerabilities in other areas. A comprehensive, multi-phased approach ensures that a network is resistant to a wide variety of threats, from human error to the most sophisticated cyberattacks.

[Author]

Posts