Hybrid Controls Explained

B.

A hybrid control refers to a security control that combines different control types to provide comprehensive security protection against various types of security threats. The term "hybrid" suggests a combination of two or more types of security controls, such as technical and operational controls, preventive and detective controls, and manual and automated controls.

Option A: "is implemented differently on individual systems" is incorrect because this describes a diverse control, not a hybrid control.

Option B: "is implemented at the enterprise and system levels" is partially correct, as a hybrid control can be implemented at the enterprise and system levels, but it is not the defining characteristic of a hybrid control.

Option C: "has operational and technical components" is correct. A hybrid control typically includes both operational and technical components. Operational controls are administrative or procedural controls that are implemented by people, whereas technical controls are automated or technical measures that are implemented through hardware or software.

Option D: "authenticates using passwords and hardware tokens" is incorrect as it refers to a specific type of control, not a hybrid control.

In summary, the correct answer is C, as a hybrid control combines both operational and technical components.