A security manager is developing a new information security program. The manager focuses first on creating a comprehensive risk assessment methodology, defining security policies, and establishing roles and responsibilities for personnel. Which category of security controls do these activities primarily represent?
Managerial controls are security controls that focus on the management of risk and the management of information system security. These controls are administrative in nature and include activities like creating security policies, conducting risk assessments, planning for business continuity, and performing security awareness training. The activities described in the scenario (risk assessment, policy creation, and defining roles) are all classic examples of managerial controls. Technical controls involve technology like firewalls, operational controls involve day-to-day procedures like reviewing logs, and physical controls involve tangible protections like fences and locks.