Certified Information Security Manager (CISM) — Question 709
Which of the following would BEST enable an organization to aggregate information from different systems to allow for centralized categorization of incidents?
Answer options
- A. Intrusion detection system (IDS)
- B. Application program interfaces (APIs)
- C. Intrusion prevention system (IPS)
- D. Security information and event management (SIEM)
Correct answer: D
Explanation
The correct answer is D: a security information and event management (SIEM) system is specifically designed to collect, analyze, and categorize security data from multiple sources. Options A and C (IDS and IPS) focus on detecting and preventing intrusions, respectively, but do not aggregate data. Option B (APIs) can facilitate data exchange, but APIs do not inherently provide centralized categorization capabilities.