A cybersecurity company implemented an access control software that allows only authorized personnel to access sensitive files. Which type of control has the company implemented in this case?
A. Preventive Control – Correct Answer. Access control software is designed to prevent unauthorized access by enforcing authentication and authorization mechanisms. This aligns with ISO/IEC 27001:2022 Annex A Control A.5.18 (Access Rights).
B. Detective controls identify and log unauthorized access attempts, but do not prevent them.
C. Corrective controls take action after a security event has occurred.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit