Managerial controls primarily focus on policies, procedures, guidelines, and strategic aspects of security management. They are designed to guide the organization's overall security posture and ensure that security measures are effectively integrated into business processes. In this context, managerial controls help in developing training and education programs, raising security awareness among employees, and ensuring proper system maintenance to align with the organization's security objectives and requirements.
Agreed. According to NIST, Management Control: "management controls are actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures, and rules of behavior, individual roles and responsibilities, individual accountability and personnel security decisions."
That closely aligns with B.
https://csrc.nist.gov/glossary/term/management_controls#:~:text=management%20controls%20are%20actions%20taken,accountability%20and%20personnel%20security%20decisions.
Jason Dion's definition of managerial controls:
A category of security control that provides oversight of the information system.
Therefore, going with C
management controls are actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures, and rules of behavior, individual roles and responsibilities, individual accountability and personnel security decisions.
Source(s):
NIST SP 800-16 under Management Controls
From the resources I studied for the test with, managerial controls are to provide oversight of the systems. They include such things as risk controls and vulnerability scans.
Answer (D) is operational controls
(A) and (B) sound somewhat like administrative controls.
Option D: "To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails" focuses more on technical security controls and tasks, rather than the overall management and direction of the security program.
While ensuring tactical design, selection of technology, logical access reviews, and audit trails are important tasks within a security program, they are not necessarily the main focus of managerial controls. Managerial controls play a more strategic role by setting the overall direction and guidance for the security program, whereas option D focuses on the tactical implementation of specific security controls.
To scope the security planning, program development, and maintenance of the security life cycle. A managerial control is responsible for defining the overall strategy and direction for an organization's security program. This includes scoping the security planning, program development, and maintenance of the security life cycle. This is the most comprehensive definition of the function of a managerial control, as it covers all aspects of security program management. The other options may be parts of a comprehensive security program, but they are not a full explanation of the function of a managerial control.
CS0-002 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other
skibby16 (1 year, 9 months ago)
soupra (1 year, 8 months ago)
HotWings8 (1 year, 11 months ago)
WhoGuessed (2 years, 3 months ago)
opem (2 years, 3 months ago)
2Fish (2 years, 3 months ago)
CatoFong (2 years, 4 months ago)
jleonard_ddc (2 years, 4 months ago)
Merc16 (2 years, 5 months ago)
gnnggnnggnng (2 years, 5 months ago)
gnnggnnggnng (2 years, 5 months ago)
CatoFong (2 years, 5 months ago)