Which of the following is NOT a technical control?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
It is considered to be a'Physical Control' There are three broad categories of access control: administrative, technical, and physical.
Each category has different access control mechanisms that can be carried out manually or automatically.
All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.
Each category of access control has several components that fall within it, a partial list is shown here.Not all controls fall into a single category,many of the controls will be in two or more categories.Below you have an example with backups where it is in all three categories: Administrative Controls - Policy and procedures - -A backup policy would be in place Personnel controls - Supervisory structure - Security-awareness training - Testing - Physical Controls - Network segregation - Perimeter security - Computer controls - Work area separation - Data backups (actual storage of the media, i:e Offsite Storage Facility) Cabling - Technical Controls - System access - Network architecture - Network access - Encryption and protocols - Control zone - Auditing - Backup (Actual software doing the backups) The following answers are incorrect : Password and resource management is considered to be a logical or technical control.
Identification and authentication methods is considered to be a logical or technical control.
Intrusion Detection Systems is considered to be a logical or technical control.
Reference : Shon Harris , AIO v3 , Chapter - 4 : Access Control , Page : 180 - 185
Among the given options, "Monitoring for physical intrusion" is NOT a technical control.
Technical controls are the measures that use technology to safeguard the systems, data, and networks of an organization. Technical controls include software, hardware, or electronic devices that restrict, prevent, or detect unauthorized access or usage of resources.
A. Password and resource management is a technical control that uses technology to manage user authentication, enforce password policies, and restrict access to resources based on the user's authorization level.
B. Identification and authentication methods are also technical controls that use technology to verify the identity of a user before allowing access to resources. Common examples of identification and authentication methods include biometric scanners, smart cards, and one-time passwords.
C. Intrusion Detection Systems (IDS) are technical controls that monitor network traffic and system logs to detect potential security breaches. IDS can be configured to trigger an alert or take action against malicious activities.
D. Monitoring for physical intrusion is a physical control that uses physical security measures such as security cameras, locks, and alarms to prevent unauthorized access to facilities. While physical security measures are important, they are not considered technical controls.
In summary, option C, "Monitoring for physical intrusion," is not a technical control, while the remaining options (A, B, and D) are all technical controls that use technology to safeguard an organization's resources.