Which of the following would best classify as a management control?

Which of the following would best classify as a management control?
A .  Review of security controls
B .  Personnel security
C .  Physical and environmental protection
D .  Documentation

View Answer

Answer: A

Explanation: Management controls focus on the management of the IT security system and the management of risk for a system.

They are techniques and concerns that are normally addressed by management. Routine evaluations and response to identified vulnerabilities are important elements of managing the risk of a system, thus considered management controls.

SECURITY CONTROLS: The management, operational, and technical controls (i.e.,safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

SECURITY CONTROL BASELINE: The set of minimum security controls defined for a low-impact, moderate-impact,or high-impact information system.

The following are incorrect answers: Personnel security, physical and environmental protection and documentation are forms of operational controls.

Reference(s) used for this question:

http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf and FIPS PUB 200 at

http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf