Detective controls are designed to identify and detect security incidents or events that have already occurred or are in progress. An incident response team is responsible for detecting and responding to security incidents within an organization, making it a type of detective control.
There is a difference between incident management and incident response. Incident management is actions taken prior to, during and after the incident. This includes proactive and reactive detection of incidents.
Incident response is actions taken when an incident has been declared, i.e. after detection and reporting. Among verification, assigning ownership, and triage, this also includes corrective actions like containment, eradication and recovery.
Therefore, the most likely answer is C, corrective.
I'm going corrective. Reason being they are notified after an incident has taken place. Therefore, they aren't preventing it, detecting it or whatever the other option was. They come in after it has already been decided there is an incident to work. Yes, they detect whatever it is afterward, but the team as a whole is not put in place to detect. I would think that would fall under an IDS or IPS, and then the team gets called into action afterward as the corrective control.
Incident response teams encompass both detective (identifying and analyzing incidents) and corrective (taking actions to contain, eradicate, and recover from incidents) controls. Their activities involve not only detecting incidents but also responding to and correcting the impact of those incidents, making them a combination of detective and corrective controls.
An incident response team is a detective control. Detective controls are designed to identify and respond to security incidents after they have occurred. The incident response team's role is to detect, analyze, and mitigate security incidents in real-time or after they have occurred, working to minimize the impact and prevent future occurrences.
Guys, please don't blindly listen to ChatGPT. I see that many of you here just accept whatever ChatGPT provides as an answer, but unfortunately many ChatGPT answers are flawed. For this question ChatGPT said A. Detective as the correct answer, but when I challenged it with supporting data from ISACA training, it apologized and changed its answer to C. Corrective. This one is a no-brainer. Don't blindly listen to ChatGPT. Use your mind and do your own research.
A. Detective
In the context of an incident response team, their primary role is to detect and respond to security incidents or breaches that have already taken place.
C. Corrective. The main objective of incident management is to restore the affected processes back to their normal state as quickly as possible, minimizing the impact on the business, and NOT to detect incidents.