Which of the following security control types does an acceptable use policy best represent?

Which of the following security control types does an acceptable use policy best represent?
A . Detective
B . Compensating
C . Corrective
D . Preventive

View Answer

Answer: D

Explanation:

An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The AUP helps companies minimize their exposure to cyber security threats and limit other risks. The AUP also serves as a notice to users about what they are not allowed to do and protects the company against misuse of their network. Users usually have to acknowledge that they understand and agree to the rules before accessing the network1.

An AUP best represents a preventive security control type, because it aims to deter or stop potential security incidents from occurring in the first place. A preventive control is proactive and anticipates possible threats and vulnerabilities, and implements measures to prevent them from exploiting or harming the system or the data. A preventive control can be physical, technical, or administrative in nature2.

Some examples of preventive controls are:

– Locks, fences, or guards that prevent unauthorized physical access to a facility or a device

– Firewalls, antivirus software, or encryption that prevent unauthorized logical access to a network or a system

– Policies, procedures, or training that prevent unauthorized or inappropriate actions or behaviors by users or employees

An AUP is an example of an administrative preventive control, because it defines the policies and procedures that users must follow to ensure the security and proper use of the network and the IT resources.

An AUP can prevent users from engaging in activities that could compromise the security, performance, or availability of the network or the system, such as:

– Downloading or installing unauthorized or malicious software

– Accessing or sharing sensitive or confidential information without authorization or encryption

– Using the network or the system for personal, illegal, or unethical purposes

– Bypassing or disabling security controls or mechanisms

– Connecting unsecured or unapproved devices to the network

By enforcing an AUP, a company can prevent or reduce the likelihood of security breaches, data loss, legal liability, or reputational damage caused by user actions or inactions3.

References = 1: How to Create an Acceptable Use Policy – CoreTech, 2: [Security Control Types: Preventive, Detective, Corrective, and Compensating], 3: Why You Need A Corporate Acceptable Use Policy – CompTIA