SSCP Exam: Control Pairing for "Soft" Mechanisms

Question

Which of the following control pairings places emphasis on "soft" mechanisms that support the access control objectives?

Answers

Explanations

A. B. C. D.

B.

Soft Control is another way of referring to Administrative control.

Technical and Physical controls are NOT soft controls, so any choice listing them was not the best answer.

Preventative/Technical is incorrect because, although access control can be a technical control, it is not commonly referred to as a "soft" control.

Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times when controls might fail, and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc., which are usually paper based. In the administrative category you would find audit, monitoring, and security awareness as well.

Preventative/Physical pairing is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls. Physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc.

Detective/Administrative pairing is incorrect because access control is a preventative control used to control access, not to detect access violations.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.

The control pairing that places emphasis on "soft" mechanisms that support the access control objectives is the Preventive/Administrative Pairing (Option B).

Access control is the process of managing who can access resources or perform actions in a system or environment. There are different types of access controls, such as preventive, detective, and corrective controls. Preventive controls aim to prevent unauthorized access before it occurs, while detective controls detect and respond to unauthorized access after it occurs. Corrective controls are measures taken to correct any damage caused by unauthorized access.

Preventive controls can be further categorized into technical, administrative, and physical controls. Technical controls use technology to prevent unauthorized access, such as firewalls and encryption. Physical controls use physical barriers, such as locks and security cameras, to prevent unauthorized access. Administrative controls use policies, procedures, and training to prevent unauthorized access.

The Preventive/Administrative Pairing emphasizes the use of administrative controls, such as policies and procedures, to prevent unauthorized access. These controls are considered "soft" because they rely on human behavior and compliance rather than technology or physical barriers. Examples of administrative controls include user access policies, password policies, security awareness training, and background checks.

In contrast, the Preventive/Technical Pairing emphasizes the use of technical controls, such as firewalls and encryption, to prevent unauthorized access. The Preventive/Physical Pairing emphasizes the use of physical controls, such as locks and security cameras, to prevent unauthorized access. The Detective/Administrative Pairing emphasizes the use of policies and procedures to detect and respond to unauthorized access after it occurs.

In summary, the Preventive/Administrative Pairing places emphasis on "soft" mechanisms that support the access control objectives, such as policies, procedures, and training.