Non-Technical Controls
Question
Which of the following controls do NOT come under technical class of control?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Program Management control comes under management class of controls, not technical.
Program Management control is driven by the Federal Information Security Management Act (FISMA)
It provides controls to ensure compliance with FISMA.
These controls complement other controls.
They don't replace them.
Incorrect Answers: B, C, D: These controls comes under technical class of control.
The Technical class of controls includes four families.
These families include over 75 individual controls.
Following is a list of each of the families in the Technical class: -> Access Control (AC): This family of controls helps an organization implement effective access control.
They ensure that users have the rights and permissions they need to perform their jobs, and no more.
It includes principles such as least privilege and separation of duties.
-> Audit and Accountability (AU): This family of controls helps an organization implement an effective audit program.
It provides details on how to determine what to audit.
It provides details on how to protect the audit logs.
It also includes information on using audit logs for non-repudiation.
Identification and Authentication (IA): These controls cover different practices to identify and authenticate users.
Each user should be uniquely identified.
In.
-> System and Communications Protection (SC): The SC family is a large group of controls that cover many aspects of protecting systems and communication channels.
Denial of service protection and boundary protection controls are included.
Transmission integrity and confidentiality controls are also included.
The technical class of control consists of controls that are primarily technology-based and focus on the technology infrastructure, hardware, software, and network components of an organization's information system.
Out of the four options provided, the control that does NOT come under the technical class of control is A. Program management control.
Explanation:
A. Program management control: This control is related to the overall management of an organization's information security program, including the development, implementation, and maintenance of policies, procedures, and standards. It is not a technology-based control and therefore does not fall under the technical class of control.
B. System and Communications Protection control: This control is a technical control that focuses on protecting an organization's information system and network infrastructure from unauthorized access, modification, destruction, or disclosure. It includes controls such as firewalls, intrusion detection and prevention systems, antivirus software, and encryption.
C. Identification and Authentication control: This control is also a technical control that focuses on ensuring that only authorized individuals are granted access to an organization's information system and network resources. It includes controls such as passwords, biometric authentication, and smart cards.
D. Access Control: This control is also a technical control that focuses on controlling access to an organization's information system and network resources based on the principle of least privilege. It includes controls such as access control lists, role-based access control, and mandatory access control.
In summary, program management control is not a technical control and therefore does not come under the technical class of control.