What are detective controls?
The term detective control comes from the field of accounting, where one of the mandated controls was to physically audit and count the number of items stored in the warehouse. The intention was to establish whether the actual inventories corresponded with those that were reported in the accounting system.
From a cybersecurity perspective, detective controls are measures put in place to detect and alert on unauthorized activity on the organization’s IT assets. They can surface malicious activity either in real time or retrospectively.
In a nutshell, detective controls make it feasible to discover cybersecurity incidents in a timely way. Such controls complement preventive controls to ensure no threat can penetrate the defenses and compromise the organization’s systems or data. As an analogy, imagine a building that is physically secured by strong biometric locks, with high walls defending the perimeter and patrolled 24x7 by...