A security manager is developing a new information security program. The manager begins by drafting a high-level security policy, defining incident response procedures, and creating guidelines for data handling. Which category of security controls are these activities primarily an example of?
Managerial controls are the correct answer because they involve establishing security policies, procedures, and guidelines to manage security risks, as demonstrated in the scenario. These high-level controls provide the framework for the overall security strategy. Technical controls involve implementing security technologies like firewalls and encryption. Operational controls focus on the day-to-day tasks performed by people, such as reviewing logs or conducting security patrols. Physical controls are used to protect physical assets and premises, such as using locks and surveillance cameras.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of managerial controls?
Open an interactive chat with Bash
How do managerial controls differ from operational controls?
Open an interactive chat with Bash
Why are managerial controls important in an organizational security strategy?