Certified Chief Information Security Officer (CCISO) — Question 53

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security___________.

Answer options

• A. Technical control
• B. Management control
• C. Procedural control
• D. Administrative control

Correct answer: D

Explanation

The correct answer is D, as administrative controls include policies and procedures that govern employee behavior and access to sensitive information. Options A and C refer to technical and procedural measures, respectively, which do not directly involve employee vetting. Option B, while related to oversight, does not encompass the specific actions required for employee background checks.