(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the best practice for achieving optimum security in an IT environment?

  1. Use only logical access controls

  2. Use only physical access controls

  3. Use only administrative access controls

  4. Use a blend of controls

The correct answer is: Use a blend of controls

Achieving optimum security in an IT environment requires a comprehensive approach that integrates multiple types of controls. A blend of logical, physical, and administrative access controls helps to create a layered defense strategy, often referred to as "defense in depth."

Logical access controls protect the data and information systems through user authentication and authorization mechanisms, ensuring that only the right individuals have access to sensitive data. Physical access controls restrict access to facilities and hardware, protecting against unauthorized physical entry and potential tampering. Administrative access controls involve policies and procedures that govern the behavior and responsibilities of the personnel in the organization, establishing clear guidelines on how to handle sensitive information.

By combining these controls, organizations can address different security threats and vulnerabilities more effectively. If one type of control is bypassed or fails, the other layers can still provide protection, thus reducing the overall risk. This holistic approach is essential in today's complex IT landscapes where threats can arise from various sources, making it crucial to implement multiple strategies to safeguard information and systems comprehensively.