A newly-hired CSO is faced with improving security for your company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks, the CSO publishes a more comprehensive security policy with associated standards. Which issue could be addressed through the use of technical controls specified in the new security policy?

A. an employee posting negative comments about the company from a personal mobile device
B. an employee remotely configuring the database server from a relative's home during work hours
C. a third party cloning some of the company's externally facing web pages and creating lookalike sites
D. an employee publishing negative information and stories about company management on social media

---

B
Explanation: Of the issues listed, the only issues that could be addresses through the use of technical controls is an employee remotely configuring the database server from a relative's home during work hours. You can configure a specific control to prevent this from occurring.
You cannot configure a technical control that prevents an employee from posting negative comments about the company from a personal mobile device. However, you can implement a security policy that specifically spells out any repercussions that may occur as a result of this happening.
You cannot configure a technical control that will prevent a third party from cloning some of the company's externally facing web pages and creating lookalike sites. The only thing you can do in this case is to educate your users to ensure that they know the real web address for your company.
You cannot configure a technical control that will prevent an employee from publishing negative information and stories about company management on social media. You can, however, implement a security policy that specifically spells out any repercussions that may occur as a result of this happening.