An organization has implemented a policy to require minimum security control baselines when configuring servers or systems. What control type has been implemented?
C. Preventive.
Preventive controls are designed to prevent security incidents by establishing standards and baselines that must be followed. By requiring minimum security control baselines when configuring servers or systems, the organization is proactively reducing the risk of security vulnerabilities and ensuring that systems are configured securely from the outset.
Option B, "Directive," refers to controls that provide guidance or instructions on how to act. While requiring minimum security control baselines does provide guidance, the primary purpose of this policy is to prevent security incidents by ensuring that systems are configured securely from the start. Therefore, it is best categorized as a preventive control.
Directive controls are more about setting policies, procedures, and guidelines to direct behaviour, whereas preventive controls are specifically aimed at stopping unwanted events from occurring.
B. Directive
A directive control is one that sets policies or guidelines that direct behavior, ensuring that certain actions or standards are followed. In this case, the policy to require minimum security control baselines when configuring servers or systems is a directive control because it establishes mandatory security configurations that must be followed.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
pLulu
3 months, 3 weeks agoEnig
4 months agoblehbleh
4 months, 3 weeks ago