It's a corrective control in ISMS (Information Security Management Systems).
Controls serve a security objective and modify either the likelihood of occurrence or the amount of damage done.
A backup does not prevent the loss of data due to an attack or a technical failure. It just reduces the amount of damage.
Preventive controls reduce the likelihood, corrective controls reduce the damage.
When you go through risk analysis, you have a vulnerability that is met by a threat, and the risk emerges. If the threat and vulnerability match, damage occurs. The backup reduces this damage but does not modify likelihood.
The loss of data is an outcome of the event whose risk is measured.
Backup procedures for an organization's critical data are considered to be a detective control. Detective controls are implemented to discover and react to undesirable events that have occurred. In the case of backup procedures, they are in place to detect and address data loss or corruption after it has occurred, helping to restore the system to a previous state.
Why not C. Corrective? As per CRM 27th edition, page no. 100.
upvoted 5 times
Peter_CISA, Highly Voted, 1 year ago
JONESKA, 9 months ago
SuperMax, Highly Voted, 6 months, 2 weeks ago
FAGFUR, Most Recent, 5 months ago
saado9, 1 year ago