A business continuity plan is an example of which of the following?
A. Corrective control
B. Detective control
C. Preventive control
D. Compensating control
Explanation:
A corrective control, such as a business continuity plan (BCP), consists of instructions, procedures, or guidelines
used to reverse the effects of an unwanted activity, such as attacks or errors. In particular, a BCP is the
assessment of a variety of risks to organizational processes and the creation of policies, plans, and procedures
to minimize the impact those risks might have on the organization if they were to occur.
Incorrect Answers:
B: A business continuity plan is not a detective control. A detective control is an access control deployed to
discover unwanted or unauthorized activity. Examples of detective access controls include security guards,
supervising users, incident investigations, and intrusion detection systems (IDSs).
C: A preventive control is any security mechanism, tool, or practice that can deter and mitigate undesirable
actions or events. A business continuity plan is not a preventive control.
D: A compensating control is a data security measure that is designed to satisfy the requirement for some other
security measure that is deemed too difficult or impractical to implement. A business continuity plan is not a
compensating control.
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 14