Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system.
Source: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217.
The Operation Security controls are designed to ensure that systems and data are protected from unauthorized access and malicious activities. The controls can be categorized into several types, including Preventative Controls, Detective Controls, Corrective Controls, and Directive Controls.
Preventative Controls are put in place to prevent unauthorized access or malicious activities from happening in the first place. These controls are intended to reduce the likelihood of an attack or error from occurring. Examples of preventative controls include firewalls, intrusion detection systems, access control mechanisms, and security awareness training.
In contrast, Detective Controls are used to detect and alert the security team to any unauthorized access or malicious activities that may have already taken place. Examples of detective controls include log analysis, security event monitoring, and intrusion detection systems.
Corrective Controls are put in place to respond to an incident or breach that has already occurred. These controls are intended to reduce the impact of the breach and prevent it from happening again. Examples of corrective controls include incident response plans, data backups, and system restoration procedures.
Finally, Directive Controls are used to define policies, procedures, and standards for the organization's security program. These controls help to ensure that everyone in the organization is aware of the policies and procedures and is following them correctly.
Based on the given options, the control that is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system is Preventative Controls. Preventative controls aim to reduce the likelihood of unauthorized access or malicious activities from happening, which can help lower the impact of unintentional errors. Therefore, the correct answer is B. Preventative Controls.