Personnel Security: SSCP Exam Question Answer | ISC Certification

Personnel Security


Question

Which of the following is most concerned with personnel security?

Answers

Explanations


A. B. C. D.

B.

Many important issues in computer security involve human users, designers, implementers, and managers.

A broad range of security issues relates to how these individuals interact with computers and the access and authorities they need to do their jobs.

Since operational controls address security methods focusing on mechanisms primarily implemented and executed by people (as opposed to systems), personnel security is considered a form of operational control.

Operational controls are put in place to improve security of a particular system (or group of systems).

They often require specialized expertise and often rely upon management activities as well as technical controls. Implementing dual control and making sure that you have more than one person that can perform a task would fall into this category as well.

Management controls focus on the management of the IT security system and the management of risk for a system.

They are techniques and concerns that are normally addressed by management.

Technical controls focus on security controls that the computer system executes.

The controls can provide automated protection for unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data.

Reference used for this question: NIST SP 800-53 Revision 4, http://dx.doi.org/10.6028/NIST.SP.800-53r4. NIST SP 800-53 Revision 4 has superseded the document below: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Page A-18).

Personnel security is the process of ensuring that individuals who have access to an organization's sensitive information and assets are trustworthy and reliable. This involves the use of various controls and measures to mitigate the risks associated with personnel who have access to an organization's sensitive data.

Out of the given options, the control that is most concerned with personnel security is "Human resources controls" (Option D).

Human resources controls refer to the policies, procedures, and practices that are put in place by an organization's human resources department to ensure that employees are trustworthy and reliable. These controls include pre-employment screening, background checks, security awareness training, and personnel security policies and procedures.

Pre-employment screening is the process of conducting background checks on job applicants to verify their identity, education, work history, and criminal history. This helps to ensure that the organization is hiring trustworthy and reliable individuals.

Security awareness training is an essential part of personnel security controls. It helps employees to understand the importance of protecting sensitive data and assets, as well as the consequences of not doing so.

Personnel security policies and procedures define the requirements for personnel security, including the types of background checks that are required, the frequency of security awareness training, and the consequences of violating personnel security policies.

Therefore, human resources controls are most concerned with personnel security. The other controls, such as management controls, operational controls, and technical controls, are also important for maintaining security, but they do not specifically address the risks associated with personnel who have access to an organization's sensitive data and assets.