PrepAway - Latest Free Exam Questions & Answers

Which of the following best fits this need?

Fred is a new security officer who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need?

A. Management review

B. Two-factor identification and authentication

C. Capturing this data in audit logs

D. Implementation of a strong security policy

Explanation:
A: The goal of this question is for you to realize that management and supervisor involvement is critical to ensure that these types of things do not take place, or are properly detected and acted upon if they do take place. If the users know that management will take action if they misbehave, this can be considered preventive in nature. The activities will only be known of after they take place, which means that the security officer has to carry out some type of detective activity so that he can then inform management.
+ B is incorrect because identification and authentication is preventive, not detective.
+ C is incorrect because audit logs are detective but not preventive. However, in order to be detective, the audit logs must be reviewed by a security administrator. While some of the strongest security protections come from preventive controls, detective controls such as reviewing audit logs are also required.
+ D is incorrect because a security policy is preventive, not detective. A security policy is developed and implemented to inform users of what is expected of them and the potential ramifications if they do not follow the constructs of the policy.

7 Comments on “Which of the following best fits this need?”

  1. syedjaved says:

    I think the answer should be C to audit such activities. Of course, any such actions/punishment is supported by management, but being CISSP the question should ask about technicalities.




  2. Greg says:

    I like D. Even in the Explanation, it states that “If the users know that management will take action if they misbehave….” How will they know that if they don’t have a strong security policy stating what is expected of them and what will happen if they don’t follow the rules?
    “A security policy is developed and implemented to inform users of what is expected of them and the potential ramifications if they do not follow the constructs of the policy.”




  3. John Gleason says:

    I agree with C. Audit logs should be used to determine the user activities & identify offenders. Prevention can be accomplished through review of the access rights given vs. what they need (least priv). That portion would be determined by the data owner.




  4. Younes Aouad says:

    Answer A makes most sense to me because of the nature of the question: ..officer who wants to implement a control for detecting and “preventing” users who attempt ..

    I think the word “preventing” makes all the difference here. Answers C and D satisfy the “detective” part but lack the “preventive” aspect requested by the question.



