An organization has provided legal text explaining the rights and expected behavior of users accessing a system from geographic locations that have strong privacy regulations. Which of the following control types has been applied?
There was a similar question here:
Establishing an organizational code of conduct is an example of which type of control?
A. Directive
B. Preventive
C. Detective
D. Compensating
The answer is Preventive because ISACA's framework doesn't mention 'Directive' as a control type. According to ISACA, preventive controls are implemented to prevent undesirable events from occurring in the first place, which fits the scenario of establishing a code of conduct. So, I’m going with B."
Going with D, Directive, despite not being able to find anything in the ISACA review manual 7th edition on a "directive" control. Pointers appreciated.
Of course, reviewing the 7th edition review manual, controls are: administrative/managerial, technical/logical, physical/operational - and can be classified by function as detective, preventive, compensating, deterrant, corrective - pages 151, 153, 154. There is no directive in the ISACA book - anyone have a source for directive from ISACA?
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Eghe
23 hours, 26 minutes agofaed87a
1 week, 1 day agoCbtL
5 months, 1 week agoCbtL
5 months, 1 week ago