The assets of enterprises are increasingly exposed to internal and external threats like fraud, theft, embezzlement, sabotage, terrorism and industrial espionage. As a result, enterprise security (ES) as a support function is becoming more important and expenses for ES are significant. An important characteristic of ES setting it apart from other support functions is that in addition to the protection of material and immaterial assets, it is concerned with the physical integrity and survival of employees as a the most valuable asset. The management and control of ES is a challenging task as it requires the cooperation and coordination of security experts, individual managers receiving protection and several functional areas of the enterprise. Notwithstanding this development, there is virtually no research on management control of ES. Therefore, the aim of the paper is to present first empirical evidence on the use, measurement, and value contribution of ES and to introduce fundamental concepts and processes of ES management. We present a study based on qualitative interviews with security experts of German DAX-30 companies which we supplement with a standardized survey. Applying Simons' levers of control-framework we find that all four levers of control are used although there are significant differences regarding their elaboration and measurement practice as well as their integration in a consistent management control system. Our study lays conceptual and empirical foundations for future research on ES control. We contribute to research on management control by unlocking a new and increasingly important field of study.