Question: Which ONE of the following would be classed as a contingency control in an information system?
  A. System recovery procedures
  B. Data validation procedures
  C. Password-only access to the system
  D. Audit trails
  The correct answer is: System recovery procedures
  Rationale: System recovery procedures are set in place for activation in the event of breakdown, to get the system up and running again: this is a contingency control, because it plans for a 'worst case scenario'.
  Password access is an example of a security control: protecting data from unauthorised modification, disclosure or destruction.
  Audit trails (showing who has accessed a system and what they have done) and data validation (checking that input data is not incomplete or unreasonable) are examples of integrity controls: controls which maintain the completeness and correctness of data in the system.
  Pitfalls: There is a lot of vocabulary and procedure in this area: make sure that you could answer questions on a variety of different data security controls.