Control Types (Technical/Operational/Managerial/Physical)

Question 1

What are Technical controls also called?

Answer 1

Logical security controls - they’re executed by computer systems using technology

Question 2

Name 3 examples of Technical controls

Answer 2

1) Encryption 2) Firewalls 3) IDS/IPS

Question 3

What type of control is Configuration Management?

Answer 3

OPERATIONAL (not technical!) - it’s day-to-day maintenance tasks performed by people

Question 4

What are the 3 characteristics of Managerial controls?

Answer 4

1) Also called Administrative controls 2) Focused on reducing risk 3) Documented in written policies

Question 5

Configuration management is Operational. Risk assessment is ___?

Answer 5

MANAGERIAL - it’s strategic planning/governance, not day-to-day tasks

Question 6

Name 3 examples of Operational controls

Answer 6

1) Configuration management 2) Patch management 3) System backups (day-to-day maintenance by people)

Question 7

What type of control is Patch Management?

Answer 7

OPERATIONAL - routine maintenance activity

Question 8

Which control type do Data Backups fall under?

Answer 8

OPERATIONAL (not physical!)

Question 9

Which control type do Firewalls fall under?

Answer 9

TECHNICAL (not physical!) - they’re computer-executed

Question 10

What type of control is Asset Management?

Answer 10

MANAGERIAL/OPERATIONAL (not physical!) - it’s about tracking and managing resources