Which of the following security control types does an acceptable use policy best represent?
Which of the following security control types does an acceptable use policy best represent?
An acceptable use policy (AUP) is designed to establish what constitutes acceptable and unacceptable use of an organization's resources. By defining these guidelines, the policy aims to prevent inappropriate or malicious actions that could harm the organization, making it a preventive control. Preventive controls are established to stop security incidents before they occur, ensuring that users adhere to the organization's standards and procedures, thereby reducing potential risks.
D. Preventive AUP is pretty obviously trying to prevent things from happening. It's not A. Detective because it doesn't detect anything. It's a policy. It's not B. Compensating because it isn't making up for any other policy included in the question. It's not C. Corrective because it doesn't correct anything on it's own, it's simply a policy that is to be followed. So it could only be D. Preventive, as it prevents people from doing things that might compromise the network.
AUP = lets user know what is acceptable and allowed to prevent them from performing certain activity
It's impossible for a policy to be a detective, corrective, or preventative control as a policy CANNOT stop/prevent, or detect any attack in any way. It has to be B
Due to the consequences a user will face if they breach the AUP, it acts as a deterrent. It does actually prevent a lot.
its clearly D
An acceptable use policy best represents: D. Preventive An acceptable use policy is designed to prevent security incidents by defining the acceptable and unacceptable behaviors and actions for users within an organization. By setting clear guidelines and expectations, it aims to prevent misuse and ensure that users adhere to security protocols, thereby reducing the risk of security breaches.
preventive - an acceptable use policy enforces rules to users to use company resources. example - company A states that in order to access files in the company server you must connect to your company VPN when working from home. This prevents you from connecting from an insecure network.
Policies are usually a type of preventive admin control.