A technical team investigating possible controls concludes that the most preferred control cannot be implemented because of too many constraints and decides to propose the second-best control. What is this control referred to as?
A compensating control is an alternative control implemented when the preferred control cannot be applied due to constraints (e.g., technical, financial, or operational). According to frameworks like COBIT or ISO/IEC 27001, compensating controls provide equivalent or partial risk mitigation when the primary control is infeasible.
Deterrent controls (A) discourage violations, detective controls (C) identify incidents, and corrective controls (D) address issues after they occur. Only compensating control (B) fits the scenario of a second-best alternative due to constraints.