Logging: Defense Against Systems Compromise


Question

Logging is an example of which type of defense against systems compromise?

Answers

Explanations


A. B. C. D.

B.

Detection defenses include logging as well as monitoring, measuring, auditing, and virus and intrusion detection.

Examples of containment defenses are awareness, training and physical security defenses.

Examples of reaction defenses are incident response, policy and procedure change, and control enhancement.

Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.

Logging is an example of a detection defense against systems compromise.

Detection defenses are designed to identify potential security breaches and vulnerabilities in a system as early as possible. The purpose of detection defenses is to alert security personnel to suspicious or anomalous activity, allowing them to take action before any serious damage can be done.

Logging is one of the most fundamental and important detection defenses available. By logging all system events and activities, it becomes possible to identify unusual or suspicious behavior. For example, if a user attempts to access resources they are not authorized to use, or if a system is accessed from an unusual location or at an unusual time, the log entries will record this information, allowing security personnel to investigate and take appropriate action.

In addition to providing valuable information for incident response and forensic investigations, logging can also be used to monitor compliance with security policies and regulations. By reviewing log entries, it is possible to identify areas where security controls need to be strengthened or improved.

Containment defenses are designed to prevent a security breach from spreading to other parts of the system or network. Reaction defenses are designed to respond to a security breach after it has occurred, while recovery defenses are designed to restore a system or network to its normal state after a security breach has been resolved.

In conclusion, while all of these defense types play important roles in protecting systems against compromise, logging is an example of a detection defense that helps identify potential security breaches and vulnerabilities in a system.