A company's new data protection policy mandates that all databases containing customer personally identifiable information (PII) must be encrypted. Following this directive, the IT department enables transparent data encryption (TDE) on the relevant SQL servers. Which statement accurately describes the relationship between the policy and the encryption?
The encryption is a compensating control that replaces the need for a policy.
The policy is a managerial control that guides the implementation of the technical control (encryption).
The policy and the encryption are both examples of operational controls.
The policy is a technical control, and the encryption is a managerial control.
The correct answer is that the policy serves as a managerial control that guides the implementation of the technical control (encryption). Managerial controls, such as policies and procedures, establish the security requirements and framework for an organization. Technical controls are the specific hardware or software mechanisms, like encryption, used to enforce those policies. The other options are incorrect because the roles are not reversed, the encryption is not a compensating control in this context, and the controls belong to different categories (managerial and technical), not both operational.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are examples of managerial controls?
Open an interactive chat with Bash
How do technical controls enforce managerial controls?
Open an interactive chat with Bash
Why is it important to combine managerial and technical controls?