Answer-first summary for fast verification
Answer: Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: Cybersecurity policy.
## Explanation Let's analyze each control type and the corresponding measures: ### Control Types: - **Preventive Controls**: Designed to prevent incidents from occurring (proactive) - **Detective Controls**: Designed to identify incidents that have occurred (monitoring) - **Corrective Controls**: Designed to restore systems after an incident has occurred (recovery) - **Directive Controls**: Policies and procedures that guide employee behavior and establish requirements ### Analysis of Each Measure: 1. **Multi-factor authentication (MFA)**: This is a **Preventive Control** - it prevents unauthorized access by requiring multiple forms of verification before granting system access. 2. **Intrusion detection systems (IDS)**: This is a **Detective Control** - it monitors network traffic to detect potential security breaches or malicious activities that have already occurred. 3. **Incident response team**: This is a **Corrective Control** - it responds to and restores systems after a security breach has occurred. 4. **Cybersecurity policy with mandatory training**: This is a **Directive Control** - it establishes mandatory requirements and guides employee behavior through policies and training. ### Correct Classification: - **Preventive**: MFA - **Detective**: IDS - **Corrective**: Incident response team - **Directive**: Cybersecurity policy Therefore, **Option B** correctly identifies all four control types with their corresponding measures.
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
In the context of organizational risk management, controls are categorized based on their purpose and timing relative to potential incidents. Preventive, Detective, Corrective, and Directive Controls serve distinct roles in mitigating risks. Scenario: A financial institution is enhancing its cybersecurity framework. The Chief Information Security Officer (CISO) proposes the following measures:
Which combination of controls best represents Preventive, Detective, Corrective, and Directive Controls, respectively?
A
Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: None.
B
Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: Cybersecurity policy.
C
Preventive: Cybersecurity policy; Detective: IDS; Corrective: Incident response team; Directive: MFA.
D
Preventive: Incident response team; Detective: IDS; Corrective: MFA; Directive: None.