PECB Lead Auditor (ISO/IEC 27001) — Question 9
Which of the following best defines managerial controls?
Answer options
- A. Controls related to the management of personnel, including training of employees, management reviews, and internal audits
- B. Controls related to organizational structure, such as segregation of duties, job rotations, job descriptions, and approval processes
- C. Controls related to the use of technical measures or technologies, such as firewalls, alarm systems, surveillance cameras, and IDSs
Correct answer: A
Explanation
Option A is correct: it describes controls that focus on managing personnel, such as training and audits. Options B and C describe controls related to organizational structure and technical measures, respectively, which do not match the definition of managerial controls.