Certified Chief Information Security Officer (CCISO) — Question 88

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program.
What type of control has been effectively utilized?

Answer options

• A. Technical Control
• B. Management Control
• C. Operational Control
• D. Training Control

Correct answer: C

Explanation

The correct answer is C, Operational Control, as it pertains to the procedures and training that help employees recognize and mitigate security threats. While Technical Control refers to security measures implemented through technology, Management Control focuses on policies and governance, and Training Control is not a standard classification within the typical control framework.