Summarize that information security safeguards offer three levels of controls: managerial, operational, and technical.
Managerial controls are security processes that are designed by strategic planners and implemented by the security administration of the organization. Management controls set the direction and scope of the security process, and they provide detailed instructions for its conduct, while addressing the design and implementation of the security planning process and security program management.
Operational controls are management and lower-level planning functions that deal with the operational functionality of security in the organization, such as disaster recovery and incident response planning. Operational controls also address personnel security, physical security, and the protection of production inputs and outputs.
Technical controls are the tactical and technical implementations of security in the organization. Technical controls are the components put in place to protect an organization’s information assets.
Compare and contrast the differences between the three level of controls. Focus on the fact that managerial controls influence operational and technical controls that must be in place for security to be effective.