Question

In: Accounting

For each of these classes, there are four types of controls:

Preventive (Deterrent)

Detective

Corrective (Recovery)

Compensating

Please assign the correct class of security control and type of control that match each security control listed below. It is possible that multiple control classes or control types could be an answer. It could also be none.

Security Control

Control Class:
A - Administration
T - Technical
P - Physical

Control Type:
P - Preventive
D - Detective
CR - Corrective
CM - Compensating

Security Awareness Training

Firewall

Anti-Virus

Hot Site

OS Upgrade

IDS (Intrusion Detection System)

System Monitoring

Backup Generator

System Monitoring

Security Guard

Motion Detector

Vulnerability Mitigation

2. Match the correct COBIT domains (A - Planning and Organization, B - Acquisition and Implementation, C - Delivery and Support, and D - Monitoring and Evaluation) to the following control objectives.

CONTROL OBJECTIVE                                MATCHING COBIT DOMAIN
define the information architecture
assess risks
manage changes
ensure continuous service
assess internal control adequacy
install and accredit systems
obtain independent assurance
ensure compliance with external requirements
develop and maintain procedures
define a strategic IT plan
ensure systems security
manage the IT investment
manage human resources
identify and allocate costs
provide for independent audit
educate and train users
determine the technological direction

3) Write the correct NIST security control class (Technical, Operational, or Management) for the given security control families and identifiers.

FAMILY                              IDENTIFIER   CLASS
Risk Assessment                     RA
Access Control                      AC
Incident Response                   IR
Maintenance                         MA
Contingency Planning                CP
Personnel Security                  PS
Media Protection                    MP
Awareness and Training              AT
System and Services Acquisition     SA
Audit and Accountability            AU
Configuration Management            CM
Program Management                  PM
System and Information Integrity    SI
Planning                            PL
Identification and Authentication   IA

Expert Solution

Answer 1

Security Control                   Control Class        Control Type
Security Awareness Training        A - Administration   P - Preventive
Firewall                           T - Technical        P - Preventive
Anti-Virus                         T - Technical        P - Preventive
Hot Site                           T - Technical        CM - Compensating
OS Upgrade                         T - Technical        CR - Corrective
IDS (Intrusion Detection System)   P - Physical         P - Preventive
System Monitoring                  A - Administration   D - Detective
Backup Generator                   A - Administration   P - Preventive
System Monitoring                  A - Administration   D - Detective
Security Guard                     P - Physical         P - Preventive
Motion Detector                    T - Technical        D - Detective
Vulnerability Mitigation           A - Administration   P - Preventive

Answer 2

CONTROL OBJECTIVE                                MATCHING COBIT DOMAIN
define the information architecture              A - Planning and Organization
assess risks                                     A - Planning and Organization
manage changes                                   D - Monitoring and Evaluation
ensure continuous service                        C - Delivery and Support
assess internal control adequacy                 A - Planning and Organization
install and accredit systems                     B - Acquisition and Implementation
obtain independent assurance                     B - Acquisition and Implementation
ensure compliance with external requirements     B - Acquisition and Implementation
develop and maintain procedures                  B - Acquisition and Implementation
define a strategic IT plan                       A - Planning and Organization
ensure systems security                          B - Acquisition and Implementation
manage the IT investment                         D - Monitoring and Evaluation
manage human resources                           C - Delivery and Support
identify and allocate costs                      A - Planning and Organization
provide for independent audit                    D - Monitoring and Evaluation
educate and train users                          C - Delivery and Support
determine the technological direction            D - Monitoring and Evaluation

Answer 3

FAMILY                              IDENTIFIER   CLASS
Risk Assessment                     RA           Operational
Access Control                      AC           Operational
Incident Response                   IR           Management
Maintenance                         MA           Management
Contingency Planning                CP           Management
Personnel Security                  PS           Operational
Media Protection                    MP           Technical
Awareness and Training              AT           Operational
System and Services Acquisition     SA           Technical
Audit and Accountability            AU           Operational
Configuration Management            CM           Technical
Program Management                  PM           Technical
System and Information Integrity    SI           Operational
Planning                            PL           Management
Identification and Authentication   IA           Operational
