Question: Which ONE of the following would be classed as a contingency control in an information system?
A. System recovery procedures
B. Data validation procedures
C. Password-only access to the system
D. Audit trails
The correct answer is: System recovery procedures
Rationale: System recovery procedures are set in place for activation in the event of breakdown, to get the system up and running again: this is a contingency control, because it plans for a 'worst case scenario'.
Password access is an example of a security control: protecting data from unauthorised modification, disclosure or destruction.
Audit trails (showing who has accessed a system and what they have done) and data validation (checking that input data is not incomplete or unreasonable) are examples of integrity controls: controls which maintain the completeness and correctness of data in the system.
Pitfalls: There is a lot of vocabulary and procedure in this area: make sure that you could answer questions on a variety of different data security controls.