Certified Information Security Manager (CISM) — Question 912

What type of control is being implemented when a security information and event management (SIEM) system is installed?

Answer options

• A. Corrective
• B. Preventive
• C. Deterrent
• D. Detective

Correct answer: D

Explanation

A SIEM system primarily functions to identify and respond to security incidents by analyzing data from various sources, which categorizes it as a detective control. Corrective controls aim to fix issues after they occur, preventive controls are designed to stop incidents before they happen, and deterrent controls discourage potential threats but do not actively monitor or analyze security events.