Exam CRISC topic 1 question 483 discussion

B. using biometric door locks The compensating control that MOST effectively addresses the risk associated with piggybacking into a restricted area without a dead-man door is "B. using biometric door locks." Biometric door locks, such as fingerprint or retina scanners, provide a higher level of security compared to traditional access methods like ID badges. Biometric authentication ensures that only authorized individuals with matching biometric data can gain access, reducing the risk of unauthorized piggybacking.

D. security awareness training Piggybacking, or tailgating, involves an unauthorized person following an authorized person into a restricted area. This risk often arises from employees' lack of awareness about the security implications of holding a door open for others. Security awareness training can teach employees about the risks associated with piggybacking and instruct them not to allow others to enter restricted areas without proper authentication. While options A, B, and C might enhance security to a certain extent, they may not effectively address piggybacking because even with advanced technology, a person can still follow an authenticated person through the door. Therefore, security awareness training is the most effective compensating control in this case.

Agree 'without a dead-man door'. If there is no physical control that responds effectively to the threat, the best thing to do is warn it so that an employee is attentive and prevents it from 'sneaking in'.

the correct answer is B

Training always comes first

D. security awareness training Training always comes first

I think B is direct control, whereas D is ocmpensating.

Training employees are always the primary thing you can do to decrease human-based risks (eg.: phising).

not b?