Which choice below is an incorrect description of a control?
A.
Controls are the countermeasures for vulnerabilities.
B.
Corrective controls reduce the likelihood of a deliberate attack.
C.
Detective controls discover attacks and trigger preventative or
corrective controls.
D.
Corrective controls reduce the effect of an attack.
Explanation:
Controls are the countermeasures for vulnerabilities. There are
many kinds, but generally they are categorized into four types:
Deterrent controls reduce the likelihood of a deliberate attack.
Preventative controls protect vulnerabilities and make an attack
unsuccessful or reduce its impact. Preventative controls inhibit
attempts to violate security policy.
Corrective controls reduce the effect of an attack.
Detective controls discover attacks and trigger preventative or
corrective controls. Detective controls warn of violations or
attempted violations of security policy and include such controls
as audit trails, intrusion detection methods, and checksums.
Source: Introduction to Risk Analysis, “Corrective controls reduce the effect of an attack” &
“Detective controls discover attacks and trigger preventative or
corrective controls” Security Risk Analysis
Group and NIST Special Publication 800-30, Risk Management Guide for
Information Technology Systems.