Password management falls into which control category?

Password management falls into which control category?
A .  Compensating
B .  Detective
C .  Preventive
D .  Technical

View Answer

Answer: C

Explanation: Password management is an example of preventive control. Proper passwords prevent unauthorized users from accessing a system.

There are literally hundreds of different access approaches, control methods, and technologies, both in the physical world and in the virtual electronic world. Each method addresses a different type of access control or a specific access need.

For example, access control solutions may incorporate identification and authentication mechanisms, filters, rules, rights, logging and monitoring, policy, and a plethora of other controls. However, despite the diversity of access control methods, all access control systems can be categorized into seven primary categories.

The seven main categories of access control are:

Directive: Controls designed to specify acceptable rules of behavior within an organization

Deterrent: Controls designed to discourage people from violating security directives

Preventive: Controls implemented to prevent a security incident or information breach

Compensating: Controls implemented to substitute for the loss of primary controls and mitigate risk down to an acceptable level

Detective: Controls designed to signal a warning when a security control has been breached

Corrective: Controls implemented to remedy circumstance, mitigate damage, or restore controls

Recovery: Controls implemented to restore conditions to normal after a security incident

Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1156-1176). Auerbach Publications. Kindle Edition.