IT Examiner School eBook May 2025

Information Security Controls

Administrative Controls support the classic management responsibilities of planning, directing, organizing, and reporting.

Technical Controls involve hardware and application or OS software.

Physical Controls protect against environmental, human, and systemic threats.

14

Control Types, Timing, and Layering

• Controls are categorized according to timing & nature • Importance of layered controls system • Strength of one control can compensate for weaknesses in or failure of another control (Defense-In-Depth Approach)