Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive
documents are examples of:

A.
Deterrent controls

B.
Output controls

C.
Information flow controls

D.
Asset controls

Explanation:
Output controls are used for two things — for protecting the confidentiality of an output, and for verifying the
integrity of an output by comparing the input transaction with the output data. Elements of proper output
controls would involve ensuring the output reaches the proper users, restricting access to the printed output
storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output,
and printing “no output” banners when a report is empty
Incorrect Answers:
A: Deterrent controls are used to encourage compliance with external controls, such as regulatory compliance.
These controls are meant to complement other controls, such as preventative and detective controls. This is
not what is described in the question.
C: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive
documents are not examples of information flow controls.
D: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive
documents are not examples of asset controls.

Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, New York, 2001, p. 218