Some controls are provided automatically by the system and cannot be by-passed, ignored oroverridden: for example, having to input a password to enter a computer system. These are classified as controls.Which term correctly completes this statement?
A、Detect
B、Mandated
C、Non-discretionary
D、Administrative
A、Detect
B、Mandated
C、Non-discretionary
D、Administrative
【参考答案及解析】
Rationale: Non-discretionary controls are as described: as opposed to discretionary controlswhich are subject to human choice. 'Mandated' is a similar idea, but mandated controls are required by law and imposed by external authorities (as opposed to voluntary controls, chosen by the organisation). Detect controls are controls designed to detect errors once they have happened. Administrative controls are to do with reporting responsibilities, communication channels and other means of implementing policies.Pitfalls: There is so much terminology in this area: fertile ground for exam questions. Be able to use distinctions within classifications (as in 'discretionary and non-discretionary', or 'prevent, detect, control') as well as across classifications, as in this question.
Rationale: Non-discretionary controls are as described: as opposed to discretionary controlswhich are subject to human choice. 'Mandated' is a similar idea, but mandated controls are required by law and imposed by external authorities (as opposed to voluntary controls, chosen by the organisation). Detect controls are controls designed to detect errors once they have happened. Administrative controls are to do with reporting responsibilities, communication channels and other means of implementing policies.Pitfalls: There is so much terminology in this area: fertile ground for exam questions. Be able to use distinctions within classifications (as in 'discretionary and non-discretionary', or 'prevent, detect, control') as well as across classifications, as in this question.