Learn how directive controls like acceptable use policies can protect sensitive data during business divestitures and employee transfers, as recommended by ISACA CISA guidelines.
Table of Contents
Question
Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?
A. Corrective control
B. Preventive control
C. Detective control
D. Directive control
Answer
D. Directive control
Explanation
Directive controls guide employees’ actions through policies, standards, and procedures. The recommended acceptable use policy falls under this category, as it outlines the permitted ways employees can use the IT equipment, thereby influencing their behavior and mitigating risks associated with unauthorized access or misuse.
Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.