
Query about Darril Gibson's definition of controls (SSCP)

Sheiko37 Member Posts: 214
I'm studying for the SSCP exam, reading Darril Gibson's book AIO SSCP Exam Guide. I'm confused about the categories and definitions of controls in chapter 9; he lists three:

Management/Administrative
Technical (or logical)
Physical/Operational

I have CISSP books and I can't see any listing Operational alongside Physical. In Shon's CISSP book, Physical is clearly defined as relating to the physical environment, e.g. a fence, whereas Gibson's book includes examples like "configuration and change management practices" and "contingency planning to reduce losses after major security incidents" - wouldn't these be Management/Administrative controls? Why are they in the Physical/Operational category?

The example Gibson uses for Management/Administrative controls is "plans that help an organization respond to events" - that's basically identical to the second example in the previous paragraph for Physical/Operational controls.