Explanation:
Let's analyze each control type and the corresponding measures:
Multi-factor authentication (MFA): This is a Preventive Control - it prevents unauthorized access by requiring multiple forms of verification before granting system access.
Intrusion detection systems (IDS): This is a Detective Control - it monitors network traffic to detect potential security breaches or malicious activities that have already occurred.
Incident response team: This is a Corrective Control - it responds to and restores systems after a security breach has occurred.
Cybersecurity policy with mandatory training: This is a Directive Control - it establishes mandatory requirements and guides employee behavior through policies and training.
Therefore, Option B correctly identifies all four control types with their corresponding measures.
Ultimate access to all questions.
In the context of organizational risk management, controls are categorized based on their purpose and timing relative to potential incidents. Preventive, Detective, Corrective, and Directive Controls serve distinct roles in mitigating risks. Scenario: A financial institution is enhancing its cybersecurity framework. The Chief Information Security Officer (CISO) proposes the following measures:
Which combination of controls best represents Preventive, Detective, Corrective, and Directive Controls, respectively?
A
Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: None.
B
Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: Cybersecurity policy.
C
Preventive: Cybersecurity policy; Detective: IDS; Corrective: Incident response team; Directive: MFA.
D
Preventive: Incident response team; Detective: IDS; Corrective: MFA; Directive: None.
No comments yet.