A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?
A. Corrective
B. Preventive
C. Detective
D. Deterrent

The correct answer and explanation:

The correct answer is C. Detective.

Explanation:

A Security Information and Event Management (SIEM) system collects, correlates, and analyzes security data from sources across an organization's IT infrastructure, such as application logs and network hardware alerts. By setting up a SIEM system and assigning an analyst to review the logs weekly, the company is implementing a control whose purpose is to identify and understand security incidents after they occur, not to stop them from happening.

Detective controls are mechanisms put in place to detect and alert on security events and potential threats. These controls do not prevent incidents from occurring but are critical for identifying breaches and vulnerabilities as they happen or shortly after. By reviewing logs, the analyst can spot anomalies, unusual patterns, or signs of malicious activities, which are essential for an organization’s incident response and recovery process. This ongoing monitoring helps ensure that any suspicious activity can be investigated promptly, potentially mitigating damage.
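The following added example (not part of the original page) shows what the log review described above looks like in code: a small detective control that reads a batch of authentication log lines, flags any source that accumulates a burst of failed logins, and notes whether a successful login followed the burst. It only reports; nothing in it blocks a connection, which is exactly the distinction between a detective and a preventive control. The syslog-like line format, the sample log lines, and the threshold of five failures within ten minutes are constructed assumptions for illustration.

```python
"""Toy detective control over constructed authentication logs.

Added example, not part of the original page. The log format, the sample
lines and the alert threshold are assumptions chosen for illustration; a
real SIEM normalizes many vendor formats before applying rules like this.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like format (not real data).
SAMPLE_LOGS = """\
2024-03-04T09:00:01 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-04T09:00:03 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-04T09:00:04 host1 sshd: Failed password for root from 203.0.113.5
2024-03-04T09:00:06 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-04T09:00:09 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-04T09:00:15 host1 sshd: Accepted password for admin from 203.0.113.5
2024-03-04T09:05:00 host2 sshd: Failed password for alice from 198.51.100.7
2024-03-04T11:30:00 host2 sshd: Failed password for alice from 198.51.100.7
2024-03-04T11:30:02 host2 sshd: Accepted publickey for alice from 198.51.100.7
"""

# Pattern for the assumed line format: timestamp, host, result, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)$"
)

FAILURE_THRESHOLD = 5          # assumed rule: five failures ...
WINDOW = timedelta(minutes=10)  # ... within a ten-minute sliding window


def parse_events(text):
    """Turn raw log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def review_logs(text, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Detective logic: report each source that reaches `threshold` failed
    logins inside `window`, and whether a success followed the burst.

    Nothing here blocks a login; the control only surfaces what has already
    happened so the analyst can investigate it.
    """
    events = parse_events(text)
    recent_failures = defaultdict(list)   # src -> timestamps inside the window
    alerts = {}                           # src -> alert details
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            recent_failures[src].append(ev["ts"])
            # Drop failures that have aged out of the sliding window.
            recent_failures[src] = [
                t for t in recent_failures[src] if ev["ts"] - t <= window
            ]
            if len(recent_failures[src]) >= threshold and src not in alerts:
                alerts[src] = {
                    "host": ev["host"],
                    "first_failure": recent_failures[src][0],
                    "failures": len(recent_failures[src]),
                    "success_after": False,
                }
        elif src in alerts:
            # A successful login after a flagged burst is the case an
            # analyst most wants to see, so record it on the alert.
            alerts[src]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for src, details in review_logs(SAMPLE_LOGS).items():
        print(f"ALERT {src}: {details['failures']} failures from "
              f"{details['first_failure'].isoformat()} on {details['host']}, "
              f"successful login afterwards: {details['success_after']}")
```

Run against the constructed sample, the review flags 203.0.113.5 (five failures in eight seconds followed by a successful password login) and ignores 198.51.100.7, whose two failures are hours apart. The analyst still has to act on the alert; the control itself changes nothing, which is why it is classified as detective rather than preventive or corrective.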

In contrast:

  • Corrective controls aim to rectify a situation after a security incident has occurred, for instance by restoring data from backups or applying patches after a vulnerability has been exploited.
  • Preventive controls are proactive measures taken to prevent security incidents from happening in the first place, such as firewalls, access controls, or encryption.
  • Deterrent controls are intended to discourage potential threats or breaches, such as warning signs, security policies, and physical barriers.

Thus, by focusing on log analysis through the SIEM system, the company is establishing a detective control that enhances its ability to detect and respond to security incidents effectively.
