Which categories of controls were implemented in the described process?

Multiple Choice

Which categories of controls were implemented in the described process?

Explanation:

The main idea here is how security controls are grouped for information systems. In standard information-security practice, controls are classified into three broad areas: management, operational, and technical.

Management controls cover policy, planning, risk assessment, and governance—things that steer security at the organizational level. Operational controls are the day-to-day procedures and processes people follow, such as training, configuration management, incident response, and contingency planning. Technical controls are those enforced by technology—access controls, encryption, authentication, auditing, and automated monitoring within the system.

When a described process shows governance and risk oversight (management), the ongoing procedures people perform (operational), and the technical protections built into systems (technical), it aligns with this three-category framework, making it the best fit.

The other schemes mix different concepts. Physical, logical, and administrative describe where or how controls exist rather than the three-tier structure of control categories. Strategic, tactical, and operational refer to planning levels, not the classification of controls. Preventive, detective, and corrective describe control purposes rather than their category.
