Systems Security Certified Practitioner – SSCP – Question0105

Which of the following pairings uses technology to enforce access control policies?

A.
Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative

Correct Answer: B

Explanation:

The preventive/technical pairing uses technology to enforce access control policies.
TECHNICAL CONTROLS Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Technical controls are sometimes referred to as logical controls.
Preventive Technical Controls Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these controls include:
Access control software.
Antivirus software.
Library control systems.
Passwords.
Smart cards.
Encryption.
Dial-up access control and callback systems.
Preventive Physical Controls
Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e., locations housing computing resources, supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters. Examples of these controls include: Backup files and documentation.
Fences.
Security guards.
Badge systems.
Double door systems.
Locks and keys.
Backup power.
Biometric access controls.
Site selection.
Fire extinguishers.
Preventive Administrative Controls
Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative controls include: Security awareness and technical training. Separation of duties. Procedures for recruiting and terminating employees. Security policies and procedures. Supervision. Disaster recovery, contingency, and emergency plans. User registration for computer access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.