I had a quick question about the control categories listed in the lesson on IT Governance and Risk Management. In the lesson you list off 6 categories, which matches up with what the Shon Harris book says and what I have learned previous to this course. I was doing a practice test online and came across a question that stated Directive as a control type and referenced the official ISC2 book by Stephen Hernandez. In this book, he listed 7 control types and includes directive as one. Pretty much everyone in the industry swears by the Shon Harris book, and I know Adam Gordon's credentials so I am sure he knows what's what. But I am a little confused by the official ISC2 book. So is it 6 or 7? I'm going in for the test in a week or so and this kind of threw a small wrench in a domain I thought I had down pat.
-
CISSP Control Categories
-
Travis,
Thank you for writing in. Unfortunately, I don't have a good answer for this one. I will shoot an e-mail off to Adam to get his feedback and let you know.
Thanks again,
Don Pezet
Host, ITProTV
-
Travis,
I just heard back from Adam. Here is his response:
While we are not allowed to discuss the specifics of any material that may appear on the exam, the concept of a Directive control is discussed in the Official CISSP Guide to the CBK: Third Edition on page 46.
The concept is fairly straightforward, and although we did not formally call it out as a control type in our discussions, along with the other control types, it is discussed at length in many other areas of the course materials that we produced.
The confusion most probably stems from the fact that Directive controls are often referred to as Administrative Controls more broadly, or generally. I do believe that we discussed the Administrative Control, and specifically linked it to concepts such as the Security Policy of the organization, or the procedures that support the policies.
Having said all that, a knowledge of the concept of an Administrative, or Directive, Control and what it represents, as well as where we use them in the organization, is always good information to have.
Please let me know if there is anything else I can help with.
Don Pezet
Host, ITProTV
-
I still find it a little confusing because the various resources seem to differentiate between Administrative and Directive controls. But at this point I am pretty sure I am overthinking it.
I did pass, by the way! Thanks to all three of you guys for a great course, I probably couldn't have passed without the guidance you guys gave on where to focus.
-
Travis,
Congrats on this wonderful achievement!
The ITProTV team celebrates with you on your success!
Cordially,
Ronnie Wong
Host, ITProTV
Edutainer Manager, ACI Learning [ITPRO]