312-50V11 · Question #274
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
The correct answer is B. Procedural. A policy that prohibits employees from bringing personal devices into a facility is a procedural control because it governs human behavior through rules rather than physical barriers or technical mechanisms.
Question
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
Options
- APhysical
- BProcedural
- CTechnical
- DCompliance
How the community answered
(34 responses)- A3% (1)
- B85% (29)
- C9% (3)
- D3% (1)
Why each option
A policy that prohibits employees from bringing personal devices into a facility is a procedural control because it governs human behavior through rules rather than physical barriers or technical mechanisms.
Physical controls are tangible countermeasures such as locks, mantraps, badge readers, and security guards that restrict physical access - not written rules about employee behavior.
Procedural controls are administrative policies, rules, and guidelines that dictate how people must behave within an organization. A prohibition enforced through policy documents, employee agreements, and conduct rules - rather than locks, cameras, or software - is by definition procedural.
Technical controls use technology such as firewalls, encryption, or MDM software to enforce security - a policy prohibition does not involve any technology mechanism.
Compliance refers to adherence to laws, regulations, or standards and is not itself a category of security control in this classification scheme.
Concept tested: Classification of procedural vs physical vs technical security controls
Source: https://csrc.nist.gov/glossary/term/administrative_control
Topics
Community Discussion
No community discussion yet for this question.