In an effort to mitigate the risk of insider threats, an organization's security team has drafted a set of guidelines that require employees to report any suspicious behavior or policy violations to the security office immediately. What type of security control are these guidelines?
The guidelines requiring employees to report suspicious behavior represent a directive control. Directive controls are policies, regulations, and guidelines that mandate specific actions or behavior to ensure compliance and enhance the security posture of an organization. The focus on behavior and reporting in this scenario aligns with the intention behind directive controls to guide user actions. The other options, while plausible, do not fulfill the purpose of directing specific actions. Technical controls involve technology and devices, deterrent controls aim to discourage but don't direct specific reporting actions, and physical controls involve tangible measures to secure assets, which do not include guidelines for behavior.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of directive controls in an organization?
Open an interactive chat with Bash
How do directive controls fit into the broader security framework?
Open an interactive chat with Bash
What are the differences between directive, technical, deterrent, and physical controls?