Certified Information Systems Security Professional (CISSP) Practice Exam

The correct answer, which identifies the option that is not a recognized type of control in security management, is "Interference controls."

In security management, there are three primary types of controls: preventive, detective, and deterrent.

Preventive controls are implemented to prevent security incidents from occurring. These can include measures such as access controls, firewalls, and encryption. Their main purpose is to stop security breaches before they happen.

Detective controls, on the other hand, are designed to identify and highlight incidents that have already occurred. Examples include intrusion detection systems, security audits, and monitoring logs. These controls play a crucial role in recognizing security breaches in real-time or through post-incident analysis.

Deterrent controls aim to discourage potential attackers from attempting an unauthorized action or breach of security. This could include warning signs, security personnel presence, or legal actions. They serve as a psychological barrier against threats.

The term "Interference controls" is not part of the standard security control categories recognized in the field, making it the correct choice as not being a type of control used in security management.