Week 5
K1.5 The role and types of directive business control techniques in protecting the digital security of an organisation:
Directive controls are guidance-based measures that aim to influence and shape behaviour in a way that supports good security practices across an organisation.
They help promote a security-focused business culture by:
- Clearly communicating rules and expectations
- Encouraging the right actions
- Reinforcing a shared responsibility for security
- Helping to prevent risky or careless behaviour
These controls are about leading by example and building awareness rather than stopping threats directly.
Types of Directive Control Techniques
Directive controls come in two main types: physical and administrative.
Physical Directive Controls
These are visible and practical tools that communicate or enforce expectations in a physical space.
Type | Description |
---|---|
Signage | Signs that clearly state rules or reminders – e.g. “Authorised Personnel Only”, “Keep Door Locked”, or “No Tailgating”. |
Mandatory ID Badge Display | Requires staff and visitors to wear ID badges in a visible place. Helps enforce identification and accountability. |
These measures set the tone for secure behaviour and remind people what is expected.
Administrative Directive Controls (Policies and Procedures)
These are formal rules, procedures, and training activities designed to guide behaviour and establish a consistent security culture.
Type | Description |
---|---|
Agreement Types | Includes signing policies such as confidentiality agreements or IT user agreements. |
Security Policies & Procedures | Company-wide rules such as password policies, access procedures, or secure email usage. |
Regular and Compulsory Training | Sessions like human firewall training, phishing awareness, or role-specific cyber hygiene training. These educate employees on how to stay secure and avoid risky behaviour. |
These controls make sure everyone knows their responsibilities, understands the risks, and is trained to act appropriately.
Build a Security-Aware Workplace Culture
Scenario:
You’ve been hired to improve the cyber security culture in a company that recently suffered from a phishing attack. Many employees weren’t aware of basic security rules.
Task:
1. Choose two physical and two administrative directive controls to promote better security habits.
2. For each control, explain:
   - What it is
   - How it helps promote security
   - Who it targets (e.g. staff, visitors, IT users)
Optional Extension:
Design a security awareness poster to be displayed near staff workstations. Include:
- A short slogan (e.g. "Think Before You Click")
- A clear rule or reminder
- A visual icon or symbol
Last Updated
2025-07-11 14:05:56
Stretch and Challenge
Many of these control techniques don’t apply to just one job role; they involve many IT professionals working together.
- Outline the tasks an Infrastructure Engineer might undertake to protect an organisation.
- What other digital job roles will play an important part in protecting the organisation?