A detective control is a security measure that identifies and alerts an organization to potential cyberthreats after they occur but before they cause harm. Detective controls do not prevent attacks but help detect them in a timely manner.
Why Option B (Monitoring for vulnerabilities based on industry intelligence) is Correct:
Continuous monitoring for vulnerabilities helps detect emerging threats, security breaches, and weaknesses in IT systems.
Uses threat intelligence feeds, security information and event management (SIEM) systems, and intrusion detection systems (IDS).
Helps organizations respond quickly to cyberattacks by identifying patterns, suspicious activity, or known vulnerabilities.
Why Other Options Are Incorrect:
Option A (A list of trustworthy, good traffic and a list of unauthorized, blocked traffic):
Incorrect because this describes a whitelisting/blacklisting technique, which is a preventive control, not a detective control.
Option C (Comprehensive service level agreements with vendors):
Incorrect because service level agreements (SLAs) ensure contractual obligations, but do not detect security threats.
Option D (Firewall and other network perimeter protection tools):
Incorrect because firewalls are preventive controls, designed to block unauthorized access, not detect threats after they occur.
IIA GTAG – "Auditing Cybersecurity Risks": Discusses detective controls such as vulnerability monitoring and threat intelligence.
COBIT 2019 – DSS05 (Manage Security Services): Recommends continuous monitoring for cyber threats as a detective control.
NIST Cybersecurity Framework – Detect Function: Highlights vulnerability management and threat monitoring as key detective measures.
IIA References:Thus, the correct answer is B. Monitoring for vulnerabilities based on industry intelligence.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit