With all the emphasis on cybersecurity frameworks over the last couple years, it probably shouldn’t surprise anyone that a lot of organizations find themselves working off checklists of cybersecurity controls that they assume will give them better security. What is often missed is that these controls need to work together as an integrated system. For thousands of years, we’ve understood this in the realm of physical security. From the most ancient castles, security was built to initially keep intruders from entering using some sort of barrier like a lock or a moat. However, castles were also built with high towers with sentries posted around the clock to see the enemy coming because we knew that simple barriers would never be enough for a determined adversary. Finally, armies were at the ready to repel invaders if the sentries determined that the barriers would not be sufficient. Even today for most basic security for our homes, we understand the difference between a basic control and a security system. If we asked a builder for a security system and his response was that there were locks on the doors, we wouldn’t be satisfied. Most of us know that when we say security system, it means a combination of controls working together. At minimum, we would expect locks, sensors on all exterior doors and first floor windows connected to a central panel with an audio alarm, and the ability to automatically notify a watch center operating at all times that could notify us and/or the police to respond.