(ISC)2 Certified in Cybersecurity Practice Exam

Which type of controls directly affects the physical world?

• A. Technical Controls
• B. Physical Controls
• C. Administrative Controls
• D. Management Controls

The correct answer is: Physical Controls

The choice of physical controls as the correct answer is grounded in the definition and purpose of each type of control in the context of cybersecurity and information security management. Physical controls refer to security measures that are put in place to protect the physical assets of an organization. This includes tangible elements like buildings, equipment, and data centers. Examples of physical controls are locks, security guards, surveillance cameras, and access control systems. These controls are designed to prevent unauthorized physical access to sensitive areas, thereby safeguarding physical resources from threats such as theft, vandalism, or natural disasters. In contrast, technical controls typically involve software or hardware solutions that protect systems and data electronically. These are not as directly related to the physical world as physical controls are. Administrative controls refer to policies, procedures, and practices that govern how security is maintained and are more about the processes rather than the physical implementations. Management controls encompass overall governance and risk management strategies that guide security efforts but do not directly deal with the physical environment. Thus, physical controls are unique in that they are specifically aimed at managing risks and protecting against threats in the tangible, physical space surrounding an organization.