CISSP · Question #1442
While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?
The correct answer is B. Corrective and recovery controls. After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.
Question
While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?
Options
- ADetective and recovery controls
- BCorrective and recovery controls
- CPreventative and corrective controls
- DRecovery and proactive controls
How the community answered
(31 responses)- A6% (2)
- B74% (23)
- C16% (5)
- D3% (1)
Why each option
After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.
Detective controls (e.g., IDS, log monitoring) are used to identify and alert on incidents as they happen, not to respond to or remediate their consequences after the fact.
Corrective controls are designed to minimize the impact of an incident and fix the affected systems or processes after a security event has occurred (e.g., patching a vulnerability, isolating a compromised host). Recovery controls then restore systems and operations back to their normal state (e.g., restoring from backups, rebuilding servers). Together, these two control types address the 'dealing with consequences' phase of incident response.
Preventative controls (e.g., firewalls, access controls) are implemented before an incident to stop it from occurring, making them inappropriate as a primary response once an incident is already underway.
Proactive controls are a subset of preventative strategy focused on anticipating and reducing future threats, not on addressing the immediate aftermath of a security incident that has already occurred.
Concept tested: Security control types during incident response
Source: https://www.nist.gov/system/files/documents/2020/10/09/NISTIR_8286_second-draft.pdf
Topics
Community Discussion
No community discussion yet for this question.