Certified Information Systems Security Professional (CISSP) — Question 289
Employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?
Answer options
- A. Preventative
- B. Management
- C. Non-essential
- D. Administrative
Correct answer: D
Explanation
The correct answer is D, as employee training, risk management, and data handling procedures are all part of administrative controls designed to manage security risks. While they may also have preventative aspects, they primarily fall under the category of administrative measures that guide how security is managed within an organization.