Which of the following is a directive control?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Directive controls are controls that establish policies and procedures to direct employees to take specific actions. These controls are designed to ensure that employees know what is expected of them and how to comply with the organization's policies and procedures.
Out of the given options, implementing an information security policy is a directive control. An information security policy is a set of rules and guidelines that an organization establishes to regulate the use of its information assets. An information security policy is a directive control because it provides direction to employees on how to handle sensitive information and what actions are expected of them to protect the organization's information assets.
Establishing an information security operations team is an administrative control. An administrative control is designed to ensure that administrative procedures are established and followed to provide effective control over the organization's information technology systems.
Updating data loss prevention software and configuring data encryption software are technical controls. Technical controls are designed to protect the confidentiality, integrity, and availability of an organization's information assets. Updating data loss prevention software and configuring data encryption software are technical controls because they are designed to protect the organization's information assets from unauthorized access or disclosure.
In summary, the correct answer is C. Implementing an information security policy is a directive control because it provides direction to employees on how to handle sensitive information and what actions are expected of them to protect the organization's information assets.