CRISC Certified in Risk and Information Systems Control – Question 381

Malicious code protection is which type of control?

A. Configuration management control
B. System and information integrity control
C. Media protection control
D. Personal security control

Correct Answer: B

Explanation:
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. Because malicious code protection lists steps to protect against malware, it preserves the information integrity of the enterprise. Hence, malicious code protection is a System and information integrity control. This family of controls provides information to maintain the integrity of systems and data.
Incorrect Answers:
A: Malicious code protection is not a Configuration management control. Configuration management control is the family of controls that addresses both configuration management and change management. Change control practices prevent unauthorized changes.
C: Malicious code protection is not a Media protection control. Media Protection includes removable digital media such as tapes, external hard drives, and USB flash drives. It also includes non-digital media such as paper and film. This family of controls covers the access, marking, storage, transport, and sanitization of media.
D: Malicious code protection is not a Personal security control. The Personal security control is a family of controls including aspects of personnel security. It includes personnel screening, termination, and transfer.