A security operations center (SOC) analyst is tasked with improving the organization's ability to identify security incidents as they happen or shortly after they have occurred. The current infrastructure primarily consists of firewalls, which block traffic based on a predefined rule set, and strong password policies. The analyst recommends implementing a Security Information and Event Management (SIEM) system to aggregate and analyze logs from various network devices and servers. Which type of security control is the analyst recommending?
The analyst is recommending a detective control. A Security Information and Event Management (SIEM) system is a classic example of a detective control: its primary function is to aggregate logs from many sources, normalize and correlate them, and raise an alert when the combined events indicate a potential security incident that is already under way or has already happened. It does not block anything by itself; it only detects what is logged and what its rules cover, which is why it fits the goal of identifying incidents "as they happen or shortly after." Preventive controls, like the existing firewalls and password policies, aim to stop an incident from occurring in the first place. Corrective controls remediate an incident after it has happened, such as restoring a system from a backup. "Operational" is not a control type at all but a control category (managerial, operational, technical, physical) that describes how a control is implemented and managed, in this case by people and procedures, rather than what the control does; under that scheme a SIEM would be a technical control, and it remains detective by function.
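To make the "aggregate, correlate, alert" description concrete, the following added example (written for this page; it is not code from any SIEM product) builds a toy correlation engine. It parses constructed firewall and SSH log lines in a made-up format, normalizes them into one event schema, and runs two hypothetical rules: a burst of failed logins from one source within a time window, and a successful login from a source that already triggered the burst rule. The rule names, thresholds and log formats are assumptions chosen for illustration.

```python
"""Toy SIEM correlation: aggregate two log sources, normalize them into one
event schema, and run detection rules that alert after the fact (detective,
not preventive: nothing here blocks traffic)."""
import re
from datetime import datetime, timedelta

# Constructed sample logs (not real data): a firewall and an SSH server.
FIREWALL_LOG = """\
2024-03-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-03-01T10:00:02Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.8 dport=22
2024-03-01T10:00:10Z fw01 ALLOW src=198.51.100.2 dst=10.0.0.8 dport=443
"""

AUTH_LOG = """\
2024-03-01T10:00:03Z srv08 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:04Z srv08 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:05Z srv08 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:06Z srv08 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:07Z srv08 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z srv08 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:00:30Z srv08 sshd: Failed password for bob from 198.51.100.2
"""

# Hypothetical line formats for the two sources above.
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_events(fw_text, auth_text):
    """Aggregation step: turn heterogeneous lines into one ordered event list."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, src, dst, dport = m.groups()
            events.append({"ts": _ts(ts), "source": host, "type": "fw_" + action.lower(),
                           "src_ip": src, "dst": dst, "dport": int(dport)})
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            events.append({"ts": _ts(ts), "source": host, "type": "auth_" + result.lower(),
                           "src_ip": src, "user": user})
    events.sort(key=lambda e: e["ts"])  # correlation rules assume time order
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Correlation step: two assumed rules evaluated over the event stream.

    Rule 1 (brute_force): >= threshold failed logins from one IP within window.
    Rule 2 (success_after_brute_force): a successful login from an IP that
    already fired rule 1 inside the same window.
    Each alert is enriched with how many firewall DENY events that IP produced,
    showing why cross-source aggregation matters."""
    alerts = []
    failures = {}   # src_ip -> timestamps of recent failed logins
    bursts = {}     # src_ip -> time rule 1 fired
    fw_denies = {}  # src_ip -> count of firewall denies seen so far
    for e in events:
        ip = e["src_ip"]
        if e["type"] == "fw_deny":
            fw_denies[ip] = fw_denies.get(ip, 0) + 1
        elif e["type"] == "auth_failed":
            recent = [t for t in failures.get(ip, []) if e["ts"] - t <= window]
            recent.append(e["ts"])
            failures[ip] = recent
            if len(recent) >= threshold and ip not in bursts:
                bursts[ip] = e["ts"]
                alerts.append({"rule": "brute_force", "src_ip": ip, "ts": e["ts"],
                               "count": len(recent), "fw_denies": fw_denies.get(ip, 0)})
        elif e["type"] == "auth_accepted":
            if ip in bursts and e["ts"] - bursts[ip] <= window:
                alerts.append({"rule": "success_after_brute_force", "src_ip": ip,
                               "ts": e["ts"], "user": e["user"],
                               "fw_denies": fw_denies.get(ip, 0)})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(FIREWALL_LOG, AUTH_LOG)):
        print(a)
```

Run on the constructed logs, the engine raises a brute_force alert for 203.0.113.7 on its fifth failed login and then a success_after_brute_force alert when the admin login succeeds two seconds later; the single failure from 198.51.100.2 stays below the threshold. Note that both alerts are emitted only after the events they describe have occurred, and the code never touches a firewall rule: that is exactly what makes it a detective rather than a preventive control.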