Systems Security Certified Practitioner – SSCP – Question0319

Which of the following is NOT an administrative control?

A. Logical access control mechanisms
B. Screening of personnel
C. Development of policies, standards, procedures and guidelines
D. Change control procedures

Correct Answer: A

Explanation:

Logical access control mechanisms are considered to be a technical control.
"Logical" is synonymous with "technical" when classifying controls, which makes this the easy answer.
There are three broad categories of access control: Administrative, Technical, and Physical.
Each category has different access control mechanisms that can be carried out manually or automatically. All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.
Each category of access control has several components that fall within it, as shown here:
Administrative Controls
• Policy and procedures
• Personnel controls
• Supervisory structure
• Security-awareness training
• Testing
Physical Controls
• Network segregation
• Perimeter security
• Computer controls
• Work area separation
• Data backups
Technical Controls
• System access
• Network architecture
• Network access
• Encryption and protocols
• Control zone
• Auditing
The following answers are incorrect:
• Screening of personnel is considered to be an administrative control.
• Development of policies, standards, procedures and guidelines is considered to be an administrative control.
• Change control procedures are considered to be an administrative control.

Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, pages 52-54