Systems Security Certified Practitioner – SSCP – Question0274

Which of the following is NOT an example of an operational control?

A.
backup and recovery
B. Auditing
C. contingency planning
D. operations procedures

Correct Answer: B

Explanation:

Operational controls are controls over the hardware, the media used and the operators using these resources.
Operational controls are controls that are implemented and executed by people, they are most often procedures.
Backup and recovery, contingency planning and operations procedures are operational controls.
Auditing is considered an Administrative / detective control. However the actual auditing mechanisms in place on the systems would be consider operational controls.