Security control quantification is the process of determining what controls you have, where they’re placed, building an inventory of your security controls, and then measuring your security program’s effectiveness against the cybersecurity requirements and regulations that your organization is required to follow.