A system that centralizes the storage, analysis, and reporting of log data from the various sources in an organization's IT infrastructure (a SIEM) performs a preventive role in the security control framework.
This assertion is inaccurate because the primary function of centralizing and analyzing log data is for detection and investigation purposes, matching the definition of a detective control.
This assertion is correct as preventing incidents is a key goal of centralizing and analyzing log data, which is a characteristic of preventive controls.
The system in question centralizes the collection and analysis of log data in order to identify and alert on potentially malicious activity, which makes it a detective control rather than a preventive one. Preventive controls (a firewall rule, input validation, an access control list) stop a security incident from occurring in the first place, while detective controls find and flag incidents that are in progress or have already occurred so that someone can respond. A SIEM observes and reports; by itself it does not block the activity it sees, even when its alerts later trigger a response.
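To make the detective role concrete, here is a small SIEM-style pipeline as an added example; it is not code from the original page or from any SIEM product. It normalizes constructed log lines from two sources (an sshd syslog stream and a hypothetical web-application login log, both invented here), correlates authentication failures per source IP across a time window, and emits an alert. Note that the output is an alert record only: nothing is blocked, which is exactly what separates this from a preventive control. The log formats, field names, threshold, window, and the assumed year for the year-less syslog timestamps are all assumptions of the example.

```python
"""Minimal SIEM-style pipeline: normalize logs from two sources, correlate, alert.

Added example with constructed log lines; formats and data are not from any
real product or incident.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two different sources. 203.0.113.7 fails
# repeatedly across BOTH sources; 192.0.2.9 fails twice but minutes apart.
SSHD_LOG = """\
Jan 12 10:00:01 bastion sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:00:02 bastion sshd[2002]: Failed password for root from 203.0.113.7 port 51235 ssh2
Jan 12 10:00:04 bastion sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 51236 ssh2
Jan 12 10:00:05 bastion sshd[2004]: Accepted publickey for alice from 198.51.100.4 port 52000 ssh2
Jan 12 10:00:10 bastion sshd[2005]: Failed password for bob from 192.0.2.9 port 40001 ssh2
Jan 12 10:05:00 bastion sshd[2006]: Failed password for bob from 192.0.2.9 port 40002 ssh2
"""

# Hypothetical web-application login log (format invented for this example).
WEBAPP_LOG = """\
2024-01-12T10:00:03Z login status=failed user=bob src=203.0.113.7
2024-01-12T10:00:06Z login status=failed user=carol src=203.0.113.7
2024-01-12T10:00:07Z login status=ok user=alice src=198.51.100.4
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)
WEB_RE = re.compile(
    r"^(?P<ts>\S+) login status=(?P<status>\w+) user=(?P<user>\S+) src=(?P<ip>\S+)"
)

LOG_YEAR = 2024  # syslog lines carry no year; assumed for this example


def normalize(sshd_text, web_text):
    """Turn raw lines from both sources into one common event schema."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # a real SIEM would count unparsed lines rather than drop them
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        events.append({"ts": ts, "source": "sshd", "user": m["user"],
                       "src_ip": m["ip"], "success": m["outcome"] == "Accepted"})
    for line in web_text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "source": "webapp", "user": m["user"],
                       "src_ip": m["ip"], "success": m["status"] == "ok"})
    return sorted(events, key=lambda e: e["ts"])


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Alert when one source IP produces >= threshold failures, across any
    source, within window_seconds. This only observes and reports; nothing is blocked."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)
    for e in events:
        if not e["success"]:
            failures[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in failures.items():
        j = 0
        for i in range(len(evs)):
            # slide the right edge of the window forward from the i-th failure
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            if j - i >= threshold:
                hits = evs[i:j]
                alerts.append({
                    "rule": "auth-bruteforce",
                    "src_ip": ip,
                    "count": len(hits),
                    "first_seen": hits[0]["ts"].isoformat(),
                    "last_seen": hits[-1]["ts"].isoformat(),
                    "sources": sorted({h["source"] for h in hits}),
                    "users": sorted({h["user"] for h in hits}),
                })
                break  # one alert per IP is enough for the analyst queue
    return alerts


def run_detection():
    """Full pipeline over the constructed sample logs."""
    return detect_bruteforce(normalize(SSHD_LOG, WEBAPP_LOG))


if __name__ == "__main__":
    for a in run_detection():
        print(f"ALERT {a['rule']}: {a['src_ip']} {a['count']} failures via "
              f"{'+'.join(a['sources'])} between {a['first_seen']} and {a['last_seen']}")
```

The correlation step is the part that needs centralization: the three sshd failures and the two web-application failures from 203.0.113.7 would each stay under the threshold if inspected on their own host, and only cross it once both sources are normalized into one event stream. The alert that results is the detective output; turning it into a block (a firewall rule or account lockout) would be a separate, preventive control.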