An organization recently hired several new employees and wants to ensure they understand the company's information-security expectations from day one. The security manager decides to publish a set of mandatory policies that outline acceptable use of systems and the consequences for violations. Which type of security control do these published policies represent?
These published policies are directive controls because they provide official guidance that directs the actions of users and systems toward compliance. Directive controls typically take the form of written policies, standards, or guidelines that tell personnel what they must or must not do to maintain security. Preventive controls, such as firewalls and logical access restrictions, proactively stop threats before they occur. Detective controls, like intrusion detection systems or log monitoring, identify security events after they happen. Corrective controls, for example restoring from backups after an incident, limit damage and return systems to a normal and secure state.