Which type of control would password management classify as?

A.
Compensating control

B.
Detective control

C.
Preventive control

D.
Technical control

Explanation:
Preventive technical controls are used to prevent unauthorized personnel or
programs from gaining remote access to computing resources. Examples of these controls
include:
• Access control software.
• Antivirus software.
• Library control systems.
• Passwords and Password management.
• Smart cards.
• Encryption.
• Dial-up access control and callback systems.
About Passwords: Passwords are used to verify that the user of an ID is the owner of the ID. The
ID-password combination is unique to each user and therefore provides a means of holding users
accountable for their activity on the system.
Fixed passwords that are used for a defined period of time are often easy for hackers to
compromise; therefore, great care must be exercised to ensure that these passwords do not
appear in any dictionary. Fixed passwords are often used to control access to specific data bases.
In this use, however, all persons who have authorized access to the data base use the same
password; therefore, no accountability can be achieved.
Currently, dynamic or one-time passwords, which are different for each log-on, are preferred over
fixed passwords. Dynamic passwords are created by a token that is programmed to generate
passwords randomly.
The management of those passwords is part of Preventive control.