Which of the following is NOT listed as a common control candidate?

Multiple Choice

Explanation:
Common controls are the organization-wide measures that can be applied across many information systems, managed at a central level to provide broad protection. Contingency planning fits this, since it establishes how the organization will continue operations after disruptions and is designed to cover multiple systems. Incident response likewise is an organization-wide capability for detecting, responding to, and recovering from security incidents across the enterprise. Security training and awareness is another broad program intended for all users across systems, promoting a consistent security culture.

Access control, on the other hand, is typically implemented per system because it must be tailored to each system’s specific users, roles, resources, and risk considerations. While there may be overarching access control policies, the actual controls and enforcement are usually system-specific rather than inherited across multiple systems. Therefore, access control is not listed as a common control candidate.
