ISC Exam Questions

Fred is a new security officer who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need?

A. Management review

B. Two-factor identification and authentication

C. Capturing this data in audit logs

D. Implementation of a strong security policy

Explanation:
A: The goal of this question is for you to realize that management and supervisor involvement is critical to ensure that these types of things do not take place, or are properly detected and acted upon if they do take place. If the users know that management will take action if they misbehave, this can be considered preventive in nature. The activities will only be known about after they take place, which means that the security officer has to carry out some type of detective activity so that he can then inform management.
+ B is incorrect because identification and authentication is preventive, not detective.
+ C is incorrect because audit logs are detective but not preventive. However, in order to be detective, the audit logs must be reviewed by a security administrator. While some of the strongest security protections come from preventive controls, detective controls such as reviewing audit logs are also required.
+ D is incorrect because a security policy is preventive, not detective. A security policy is developed and implemented to inform users of what is expected of them and the potential ramifications if they do not follow the constructs of the policy.