Your organization has recently conducted a security audit and identified the need to improve the cybersecurity training for employees to substantially reduce human error-related security breaches. Which type of control should you primarily focus on implementing to address the identified need?
Preventative controls, such as implementing two-factor authentication across the organization
Technical controls, such as automated intrusion detection systems
Operational controls, such as security guards and incident response teams
Managerial controls, such as policies for mandatory cybersecurity training programs
Managerial controls relate to the policies and procedures that establish the organization's security management structure and the guiding principles for security practices. In this scenario, providing cybersecurity training to employees to reduce human error through improved understanding of security protocols is best aligned with implementing a managerial control. Technical controls are hardware or software mechanisms that enforce security policies (e.g., firewalls, intrusion detection systems). Operational controls involve the day-to-day execution and implementation of security procedures (e.g., incident response processes), whereas preventative controls aim to stop security incidents from occurring in the first place (e.g., use of strong authentication mechanisms).