To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system.
Which type of control is in place?
To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system.
Which type of control is in place?
A SIEM system is primarily used to collect, aggregate, and analyze security event data from various sources within an IT infrastructure. Its main function is to detect and report potential security incidents or policy violations. Therefore, it serves as a detective control that helps in identifying and investigating suspicious activities related to privileged users.
A SIEM system collects, aggregates, and analyzes security event data from various sources within an IT infrastructure. It then generates alerts or reports on potential security incidents or policy violations, allowing security teams to detect and investigate suspicious activities. While a SIEM system can help identify and respond to security issues related to privileged users, its primary function is to detect and analyze security events rather than prevent them from occurring.
B. Detective control