Certified Information Systems Auditor (CISA) — Question 478

Which type of control has been established when an organization implements a security information and event management (SIEM) system?

Answer options

• A. Preventive
• B. Detective
• C. Directive
• D. Corrective

Correct answer: B

Explanation

The correct answer is B, Detective, because a SIEM system is designed to identify and analyze security incidents by monitoring and logging events. Preventive controls aim to stop incidents before they occur, Directive controls guide behavior but do not directly monitor, and Corrective controls are meant to fix issues after they happen, which does not accurately describe the primary function of a SIEM.