An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
Corrective actions fix issues after something happens (ie backups for corrupted databases). If a server lost power and shuts down, a redundant power supply does not turn it back on. A redundant power supply "prevents" the server from shutting down.
Preventive controls are implemented to avoid the manifestation of threats and are proactive in nature. They help to reduce the likelihood of an incident by acting ahead of time. Redundant power supplies are a classic example of a preventive control in IT risk management.
Preventive control implemented to avoid potential problem and managing risk. Eg. Add firewall, redundant firewall, redundant power supply, fence, locks, segregation of duties etc.
Corrective control to correct the issue or problem that had been found. Eg. patching, reboot system, replace faulty hard disk etc.
Preventative – An internal control that is used to avoid undesirable events, errors and other occurrences that an enterprise has determined could have a negative material effect on a process or end product
Corrective – Designed to correct errors, omissions and unauthorized uses and intrusions once they are detected
>> Preventative
OMG, soo many comments on this easy question. Of course it's D - Corrective, because corrective controls work after the fact (in this case power outage). Preventive means "to prevent" power outage in this case. How are they going to prevent it? They are trying to correct the thing that already occurred.
The events that the business wants to avoid are "critical system outages" not "power outages".
With reference to the first, the power supply is a preventive control. With reference to the second it would be of a corrective nature. IMO answer is C
Preventive controls are proactive measures designed to stop unwanted or unauthorized activities from occurring in the first place. In this case, redundant power supplies are preventing system outages.
D
When detective control activities identify an error or irregularity, corrective control activities should then kick in to see what could or should be done to fix it. Here it got detected that there is a business risk with 1 Power supply , so they corrected it with 2 Power Supply. It could have been preventive if they did this in first place ie 2Power Supplies are implemented for first time
Interesting question. Correct Answer D:
Because Preventive means, prevent the occurrence of the incident (i.e. power OFF). In this case, power off occurred; after power off the backup power start which means correction activity.
A redundant power supply is when a single piece of computer equipment operates using two or more physical power supplies. Each of the power supplies will have the capacity to run the device on its own, which will allow it to operate even if one goes down.
For normal operation, each of the power supplies will provide half (assuming there are two) of the power that is needed. If one is powered off for some reason, the other one will immediately compensate to provide full power to the device so there is no downtime at all.
By having redundant power supplies in place, the organization can correct the situation by providing backup power sources to minimize the impact of outages and restore normal operations. The focus is on addressing the consequences of the risk event rather than preventing it from happening in the first place.
How this is a corrective control makes no sense to. Foreseeing a risk and implementing controls in place to prevent an incident is the literal definition of a preventative risk.
IMO, the answer is C - Preventative. Per ISACA manual, page 196, Preventative controls directly address risk, which is what this is, the risk of a power outage.
Corrective controls, per ISACA manual, page 196, "...remediate impact". Which means an incident has occurred and it is AFTER the fact, you are fixing/correcting something that has occurred, past tense. So NOT D.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Maccaoidh
Highly Voted 1 year, 7 months agoMarcovic00
Highly Voted 12 months agohelg420
6 months, 1 week agomaisarajarrah
10 months, 2 weeks agoafoo1314
Most Recent 3 months agovickyguna78
3 months, 2 weeks ago3czz
9 months agoAlexJacobson
9 months, 3 weeks agoSalilgen
8 months, 2 weeks agoKunzle
1 year, 2 months agooluchecpoint
1 year, 2 months agowickhaarry
1 year, 3 months agoGoseu
1 year, 4 months agoGoseu
1 year, 3 months agorichck102
1 year, 4 months agokaranvp
1 year, 4 months agowello
1 year, 5 months agowello
1 year, 5 months agoDravidian
1 year, 6 months agoCarlPTY07
1 year, 8 months agoCarlLimps
1 year, 8 months ago