Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Among the given options, the answer that represents a detective control that can be used to uncover unauthorized access to information systems is option C: Requiring internal audit to perform periodic reviews of system access logs.
Detective controls are a type of control that are designed to identify and respond to events after they have occurred. In the context of information security, detective controls are implemented to detect and respond to security incidents such as unauthorized access to information systems.
Periodic reviews of system access logs by internal audit is a detective control that can help uncover unauthorized access to information systems. System access logs record information such as who accessed the system, when they accessed it, and what actions they performed. By reviewing these logs periodically, internal audit can identify any unauthorized access attempts, unusual patterns of activity, or other security incidents.
Option A: Requiring long and complex passwords for system access, is an example of a preventive control. Preventive controls are implemented to prevent security incidents from occurring. Requiring long and complex passwords can make it harder for attackers to guess or crack passwords, but it will not necessarily detect unauthorized access that has already occurred.
Option B: Implementing a security information and event management (SIEM) system, is an example of a detective control, but it is a more general control that can help detect a wide range of security incidents, not just unauthorized access. SIEM systems collect and analyze security events from various sources to identify potential security incidents.
Option D: Protecting access to the data center with multifactor authentication, is an example of a preventive control. Multifactor authentication is a security measure that requires users to provide more than one form of authentication to access a system, such as a password and a biometric factor. While this control can make it harder for attackers to gain unauthorized access, it will not necessarily detect unauthorized access that has already occurred.