When are "management controls" used as opposed to "technical"?
Comments
-
canadio Member Posts: 13
Reason for asking: the IT security textbooks seem a bit vague on this issue.
-
soccarplayer29 Member Posts: 230
Management aka Administrative controls are more manual process based. Think of those enforced through policies/procedures/SOPs/guides.
Technical are hard coded restrictions (think RBAC).
Certs: CISSP, CISA, PMP
-
canadio Member Posts: 13
OK, thanks.
So employees exiting a premises via the fire exit because their swipe cards don't always work.
What type of control is needed here?
-
BlackBeret Member Posts: 683
Management control would be my answer here. Think things that are policy based. "Employees are not allowed to use the fire exit except in an emergency". You could implement a technical control to discourage its use, such as wiring in an alarm that would sound if the door were open, but you couldn't actually prevent someone from using the fire exit via technical means without completely blocking it off.
-
canadio Member Posts: 13
Or if you have scenarios where staff are sharing passwords... would this merit a management control or a technical control?
-
soccarplayer29 Member Posts: 230
The thing restricting/prohibiting the action is the control.
You could prevent password sharing through either a technical or management control. Technical = biometric multifactor authentication, hard token MFA, etc. Management = policy restricting this, signing rules of behavior prohibiting the sharing of passwords, etc.
Certs: CISSP, CISA, PMP
-
canadio Member Posts: 13
OK, thanks guys.
In the context of the Security+ exam, what would the most appropriate answer be:
a technical or management control?
-
BlackBeret Member Posts: 683
How would you stop someone sharing passwords? Can you physically prevent it? If you wanted to use a management control you could put a policy in place, theoretically stopping it. If you wanted a technical control, you could remove Bob's fingers and tongue, preventing him from writing it down or speaking it to Lisa. Which would you use?
-
canadio Member Posts: 13
BlackBeret wrote: » How would you stop someone sharing passwords? Can you physically prevent it? If you wanted to use a management control you could put a policy in place, theoretically stopping it. If you wanted a technical control, you could remove Bob's fingers and tongue, preventing him from writing it down or speaking it to Lisa. Which would you use?
I hear ya buddy!