Certified Information Systems Auditor (CISA) — Question 474

To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system.
Which type of control is in place?

Answer options

• A. Directive
• B. Detective
• C. Preventive
• D. Corrective

Correct answer: B

Explanation

The implementation of a SIEM system allows for the monitoring and analysis of security events, which helps in identifying and responding to potential security incidents, thus classifying it as a detective control. The other options, such as directive and preventive controls, do not specifically involve monitoring for incidents, while corrective controls focus on addressing incidents after they occur.