Security Camera Recordings: Viewing and Analysis | SSCP Exam Preparation

The Viewing of Recorded Events Using Closed-Circuit TV Camera


Question

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a.

Answers


A. B. C. D.

Explanation.

Detective security controls are like a burglar alarm.

They detect and report an unauthorized or undesired event (or an attempted undesired event).

Detective security controls are invoked after the undesirable event has occurred.

Example detective security controls are log monitoring and review, system audit, file integrity checkers, and motion detection.

Visual surveillance or recording devices such as closed circuit television are used in conjunction with guards in order to enhance their surveillance ability and to record events for future analysis or prosecution.

When events are monitored, it is considered preventative whereas recording of events is considered detective in nature.

Below you have explanations of other types of security controls from a nice guide produced by James Purcell (see reference below):

Preventive security controls are put into place to prevent intentional or unintentional disclosure, alteration, or destruction (D.A.D.) of sensitive information. Some example preventive controls follow:

Policy: Unauthorized network connections are prohibited.

Firewall: Blocks unauthorized network connections.

Locked wiring closet: Prevents unauthorized equipment from being physically plugged into a network switch.

Notice in the preceding examples that preventive controls crossed administrative, technical, and physical categories discussed previously.

The same is true for any of the controls discussed in this section.

Corrective security controls are used to respond to and fix a security incident. Corrective security controls also limit or reduce further damage from an attack.

Examples follow:

Procedure to clean a virus from an infected system

A guard checking and locking a door left unlocked by a careless employee

Updating firewall rules to block an attacking IP address

Note that in many cases the corrective security control is triggered by a detective security control.

Recovery security controls are those controls that put a system back into production after an incident.

Most Disaster Recovery activities fall into this category.

For example, after a disk failure, data is restored from a backup tape.

Directive security controls are the equivalent of administrative controls.

Directive controls direct that some action be taken to protect sensitive organizational information.

The directive can be in the form of a policy, procedure, or guideline.

Deterrent security controls are controls that discourage security violations.

For instance, "Unauthorized Access Prohibited" signage may deter a trespasser from entering an area.

The presence of security cameras might deter an employee from stealing equipment.

A policy that states access to servers is monitored could deter unauthorized access.

Compensating security controls are controls that provide an alternative to normal controls that cannot be used for some reason.

For instance, a certain server cannot have antivirus software installed because it interferes with a critical application.

A compensating control would be to increase monitoring of that server or isolate that server on its own network segment.

Note that there is a third popular taxonomy developed by NIST and described in NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems." NIST categorizes security controls into 3 classes and then further categorizes the controls within the classes into 17 families. Within each security control family are dozens of specific controls.

The NIST taxonomy is not covered on the CISSP exam, but it is one a CISSP should be aware of if employed within the US federal workforce.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 340)

and CISSP Study Guide by Eric Conrad, Seth Misenar, Joshua Feldman, pages 50-52

and Security Control Types and Operational Security, James E. Purcell, http://www.giac.org/cissp-papers/207.pdf.

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a detective control.

A detective control is a security measure that is used to identify security incidents and events after they have occurred. This type of control is used to detect security breaches or incidents that may have occurred in the past.

In this case, the closed-circuit TV camera is used to record events that occur in a specific area. The recorded events can be reviewed at a later time to detect any incidents that may have occurred in that area. This can be useful for identifying unauthorized access, theft, or other security incidents that may have occurred in the area.

Detective controls are an important part of a comprehensive security program, as they help to identify incidents that may have been missed by other security measures, such as preventive controls. They also help to provide evidence that can be used to investigate security incidents and identify the individuals responsible for them.

In contrast, a preventive control is a security measure that is designed to prevent security incidents from occurring in the first place. Examples of preventive controls include access controls, firewalls, and intrusion detection systems. Compensating controls are used to address a weakness in a security control or process. Corrective controls are used to fix a security issue after it has been identified.

Overall, the viewing of recorded events after the fact using a closed-circuit TV camera is an example of a detective control, as it is used to identify security incidents after they have occurred.