Question

Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.

Answer 1

ANSWER:

GIVEN THAT:

THE BRIEFLY DESCRIBING THE MANAGEMENT CONTROLS OPERATIONAL CONTROLS AND TECHNICAL CONTROLS:

A. MANAGEMENT CONTROL:

B. OPERATIONAL CONTROL:

C. TECHNICAL CONTROL:

A. MANAGEMENT CONTROL:

1. Management controls set the direction and scope of the security process and provide detailed instructions for its conduct, as well as addressing the design and implementation of the security planning process and security program management.

2. They also address risk management and security control reviews, describe the necessity and scope of legal compliance, and set guidelines for the maintenance of the entire security life cycle.

3. Managerial controls are security processes that are designed by strategic planners and implemented by the security administrators for an organization.

4. Management controls set the scope and direction of security processes and provide detailed instructions for their conduct.

5. They also address the design and implementation of planning processes and security program management.

B. OPERATIONAL CONTROL:

1. Operational controls are management and lower-level planning functions that deal with the education, operation of security in the organization, such as disaster recovery, incident response planning, personnel,

2. physical security,and the protection of hardware and software systems maintenance and the integrity of data.

3. Operational Controls are management and lower-level planning functions that deal with the operation functionality of security in an organization, such as disaster recovery and incident response planning.

4. They cover personnel and physical security, as well as protection of inputs and outputs.

5. Operational controls guide the development of education and training for personnel security, hardware and software maintenance, and data integrity.

C. TECHNICAL CONTROL:

1. Technical controls are the tactical and technical implementations of security in the organization.

2. They include logical access controls, such as identification, authentication, authorization,accountability (including audit trails), cryptography, and the classification of assets and user.

3. Technical controls are the tactical and technical implementation of security in an organization. These are the actual controls and equipment put in place to implement security.

4. They include logical access controls, such as identification, authentication, authorization, accountability, cryptology and classification of assetsand users.