SSCP Exam Question - Administrative Controls

Administrative Controls


Question

Which of the following is NOT an administrative control?

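Answers

A. Logical access control mechanisms
B. Screening of personnel
C. Development of policies, standards, procedures, and guidelines
D. Change control procedures

Correct answer: A.

Explanations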

It is considered to be a technical control.

Logical is synonymous with Technical Control. That was the easy answer.

There are three broad categories of access control: Administrative, Technical, and Physical.

Each category has different access control mechanisms that can be carried out manually or automatically.

All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data.

Each category of access control has several components that fall within it, as shown here:

Administrative Controls
- Policy and procedures
- Personnel controls
- Supervisory structure
- Security-awareness training
- Testing

Physical Controls
- Network segregation
- Perimeter security
- Computer controls
- Work area separation
- Data backups

Technical Controls
- System access
- Network architecture
- Network access
- Encryption and protocols
- Control zone
- Auditing

The following answers are incorrect:
- Screening of personnel is considered to be an administrative control.
- Development of policies, standards, procedures and guidelines is considered to be an administrative control.
- Change control procedures are considered to be an administrative control.

Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, Pages 52-54

An administrative control is a security measure implemented by an organization to manage the behavior and actions of its personnel, in order to reduce the risk of security breaches or other negative outcomes. The purpose of administrative controls is to provide a framework for effective security management, including the development of policies, procedures, and guidelines that govern the behavior of employees and other stakeholders.

The options given in the question are:

A. Logical access control mechanisms
B. Screening of personnel
C. Development of policies, standards, procedures, and guidelines
D. Change control procedures

Logical access control mechanisms are a type of administrative control that regulates access to computer systems and networks. These controls include authentication, authorization, and accounting mechanisms that ensure that only authorized individuals have access to sensitive data and resources. Therefore, option A is an administrative control.

Screening of personnel is another type of administrative control that aims to ensure that individuals hired by an organization have the necessary qualifications, background, and character to perform their job duties responsibly. This includes conducting background checks, verifying credentials, and conducting interviews to assess the individual's suitability for the job. Therefore, option B is also an administrative control.

Development of policies, standards, procedures, and guidelines is a core element of administrative controls. These documents outline the organization's security policies, standards, and procedures, and provide guidance to employees on how to behave in a secure and responsible manner. They are essential for ensuring that security requirements are communicated effectively and consistently throughout the organization. Therefore, option C is an administrative control.

Change control procedures are a type of administrative control that regulates changes made to the organization's IT systems, software, and infrastructure. These controls are put in place to ensure that any changes are made in a controlled and systematic manner, with appropriate authorization, testing, and review. Therefore, option D is also an administrative control.

Conclusion: Based on the explanations above, it can be concluded that all the options given in the question are administrative controls. None of the options are the correct answer to the question.