A timely review of system access audit records would be an example of which of the basic security functions?
A. B. C. D.
Correct answer: D.
By reviewing system logs you can detect events that have occurred.
The following answers are incorrect:
avoidance. This is incorrect; avoidance is a distractor. By reviewing system logs you have not avoided anything.
deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
The timely review of system access audit records is an example of the basic security function of detection.
Detection is the process of identifying and responding to security incidents, which includes analyzing logs and audit records to identify unusual or unauthorized activity. This process helps security personnel to detect and respond to potential security threats before they can cause significant harm to the organization.
In the case of system access audit records, a timely review of these records allows security personnel to detect unauthorized access attempts, identify potential insider threats, and investigate suspicious activity. For example, if an employee's access to a sensitive system suddenly increases, this may indicate that the employee is attempting to perform unauthorized activities.
The other options are not appropriate choices in this scenario.
Avoidance refers to a risk management strategy of avoiding or mitigating risks altogether. A timely review of system access audit records does not avoid or mitigate risks but rather identifies them.
Deterrence is a security strategy that aims to discourage potential attackers by making it difficult or costly to carry out attacks. The review of audit records does not deter potential attackers but rather detects their activities.
Prevention is a security strategy that aims to prevent security incidents from occurring in the first place. The review of audit records does not prevent incidents but rather detects them after they have occurred.
Therefore, the correct answer is D. detection.