Query about Darril Gibson's definition of controls (SSCP)
Sheiko37
I'm studying for the SSCP exam, reading Darril Gibson's book AIO SSCP Exam Guide. I'm confused about the categories and definitions of controls in chapter 9; he lists three:
Management/Administrative
Technical (or logical)
Physical/Operational
I have CISSP books and I can't see any listing Operational alongside Physical. In Shon's CISSP book Physical is clearly defined as relating to physical environment e.g. a fence, whereas Gibson's book includes examples like "configuration and change management practices", and "contingency planning to reduce losses after major security incidents" - wouldn't these be Management/Administrative controls? Why are they in the Physical/Operational category?
The example Gibson uses for Management/Administrative controls is "plans that help an organization respond to events" - that's basically identical to the second example in the previous paragraph for Physical/Operational controls.