Which of the following is NOT a technical control?

A.
Password and resource management

B.
Identification and authentication methods

C.
Monitoring for physical intrusion

D.
Intrusion Detection Systems

Explanation:
Technical controls, also called logical access control mechanisms, work in software to provide confidentiality,
integrity, or availability protection. Some examples are passwords, identification and authentication methods,
security devices, auditing, and the configuration of the network.
Physical controls are controls that pertain to controlling individual access into the facility and different
departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of
the facility, monitoring for intrusion, and checking environmental controls.
Monitoring for physical intrusion is an example of a physical control, not a technical control.
Incorrect Answers:
A: Password and resource management is an example of a technical control.
B: Identification and authentication methods are an example of a technical control.
D: Intrusion Detection Systems are an example of a technical control.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28