Which of the following is most likely to be useful in detecting intrusions?
A. Access control lists
B. Security labels
C. Audit trails
D. Information security policies

Answer: C.
If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 186).
Out of the given options, the most likely to be useful in detecting intrusions is Audit trails (Option C).
Audit trails are records of the events and actions that have been executed within a system or network. They include information such as user activity, system changes, network traffic, and access attempts.
By analyzing audit trails, security administrators can identify anomalous behavior or suspicious activity that may indicate a potential security breach. The audit trails can help determine the source and impact of an attack, which can help in mitigating the attack and implementing preventive measures.
Access control lists (Option A) are used to restrict access to resources based on predefined rules. While they can be useful in preventing unauthorized access, they do not provide any indication of whether a breach has occurred or not.
Security labels (Option B) are used to classify data based on sensitivity, but they do not provide any direct indication of a security breach.
Information security policies (Option D) are guidelines and procedures for maintaining the security of an organization's information assets. While they are important for establishing a security framework, they are not directly useful in detecting intrusions.
In summary, while all of the options listed are important for maintaining security, audit trails are the most likely to be useful in detecting intrusions.