Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?
The recommended control is a directive control. Directive controls are policies or guidelines that provide instructions or procedures for proper behavior and operations. The acceptable use policy will guide the employees on the allowable use of IT equipment, ensuring compliance with both organizations' expectations.
B. Preventive control
D. Directive control
B. Preventive control
While preventive controls (option B) aim to prevent incidents from occurring, the primary objective of the recommended action is to provide clear directives to ensure appropriate use of the IT equipment following the business division sale. Therefore, it aligns more closely with the concept of directive control.
D. Policy controls are diretive