In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?

In the context of layered defense, it's essential to understand that a robust security posture relies on multiple overlapping security controls that address different aspects of potential vulnerabilities. By including administrative, physical, and technological controls, an organization can create a comprehensive security framework.

Administrative controls refer to policies and procedures that help govern how security is managed within the organization. These may include guidelines for user access, incident response plans, and employee training programs, all of which establish the foundation for a security-conscious culture and operational effectiveness.

Physical controls concern the tangible measures designed to protect an organization's assets. This could involve security guards, surveillance cameras, access control systems, and secure server rooms. These measures prevent unauthorized physical access to sensitive areas and data.

Technological controls utilize tools and systems such as firewalls, intrusion detection systems, and encryption to mitigate risks at the digital level. They provide the necessary defense against cyber threats and help secure the organization's information systems and data.

By advocating for all types of controls—administrative, physical, and technological—security practitioners enhance the organizational defense by ensuring there are multiple layers of security, each addressing different vulnerabilities and attack vectors. This multi-faceted approach greatly reduces the likelihood of successful breaches and enables a more resilient security posture overall.