The policy is a directive control because it provides written guidance that instructs users on the required behavior (how to create passwords) to meet the organization's security expectations. Preventive controls stop incidents from occurring (for example, a firewall), deterrent controls discourage attacks (for example, posted warning signs), and detective controls identify incidents after they happen (for example, log analysis). The password-complexity statement does not directly block or detect attacks; it directs users, so it is classified as a directive control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are directive controls in security policies?
Open an interactive chat with Bash
Why is it important to have strong password policies?
Open an interactive chat with Bash
What happens if users do not follow password policies?