Best Use of Detective Control for Mitigation in Security+ Exam

In Which Situation to Use Detective Control for Mitigation?


Question

In which of the following situations would it be BEST to use a detective control type for mitigation?

A. A company implemented a network load balancer to ensure 99.999% availability of its web application.

B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.

C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.

D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

E. A company purchased liability insurance for flood protection on all capital assets.

Answer: D.

Explanations

Detective controls are used to detect and respond to security incidents after they have occurred. These controls are used to identify security breaches or other security-related events and to mitigate their impact. In contrast, preventive controls aim to prevent incidents from occurring in the first place, while corrective controls aim to correct issues that have already occurred.

Given this, a detective control is the best choice for mitigation when a preventive control is already in place but is not enough to prevent a potential security incident. The detective control then helps identify the incident and mitigate its impact.

Option D is the best example of a situation that would require a detective control. The company has already purchased an Intrusion Prevention System (IPS) with the intention of blocking any malicious traffic. However, after reviewing the requirements, they discovered that the appliance is only supposed to monitor traffic, not block it. Since the company has already taken a preventive measure by purchasing the IPS, implementing a detective control like an Intrusion Detection System (IDS) would be the best option to complement the existing preventive control and detect any malicious traffic that the IPS is unable to block.

Option A is an example of a situation that would require a preventive control type. A company implemented a network load balancer to ensure high availability of its web application. The purpose of the network load balancer is to prevent downtime by distributing traffic across multiple servers. In this case, preventive controls like redundancy and failover mechanisms are in place to prevent incidents from occurring.

Option B is also an example of a preventive control type. The company designed a backup solution to increase the chances of restoring services in case of a natural disaster. The purpose of the backup solution is to prevent data loss and ensure business continuity in the event of a disaster.

Option C is an example of a preventive control type. The company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department. The firewall's purpose is to prevent unauthorized access to sensitive data by limiting access to authorized personnel only.

Option E is an example of a risk management control type. The company purchased liability insurance for flood protection on all capital assets. This type of control helps in mitigating financial losses in case of a flood-related incident. It does not fall under the preventive, detective, or corrective control type.