PECB Risk Manager — Question 1

Scenario 1 -
The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers’ personal data.
Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.
According to scenario 1, what type of controls did Henry suggest?

Answer options

• A. Technical
• B. Managerial
• C. Administrative

Correct answer: C

Explanation

Henry suggested controls related to training personnel and conducting awareness sessions, which fall under administrative controls aimed at ensuring that employees are informed and capable of protecting sensitive information. Technical controls typically involve hardware or software solutions, while managerial controls focus on policies and procedures, making administrative the most appropriate category in this context.