Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 – All-in-One Guide to Master Your Certification!

A user ID and password system represents a form of technical access control. This type of access control is implemented through technology and software mechanisms to manage and restrict who can access certain data or systems.

Technical access controls include measures such as authentication processes, encryption, and firewalls that utilize technology to protect resources and ensure that only authorized users can gain access. In the case of user ID and password, it involves a system where users must provide specific credentials to verify their identity before being granted access to sensitive information or systems. This is fundamentally a technological method of ensuring that access is granted based on established security protocols.

Each of the other control types – administrative, physical, and operational – addresses different aspects of security management. Administrative controls focus on policies, procedures, and guidelines governing the behavior of people. Physical controls involve tangible components designed to protect facilities and resources, such as locks and security guards. Operational controls include the day-to-day processes and activities carried out to ensure security. Therefore, a user ID and password system aligns specifically with the category of technical access control.