Which of the following are detective controls?
Internal controls are an important part of any business as well as a district. An internal control system includes policies and procedures that management designs and implements to provide reasonable assurance that its objectives will be met. Such objectives include safeguarding district assets, promoting efficiency and providing reliable financial information and records.
Internal control systems are based on the principle of separation of duties. This separation makes it more difficult for theft or undetected errors to occur. No one person should be in a position to control a transaction from initiation to completion and recording into the books.

Internal controls can be preventive, detective or corrective in nature:

Preventive controls are designed to discourage or pre-empt errors or irregularities from occurring. They are more cost-effective than detective controls. Credit checks, job descriptions, required authorization signatures, data entry checks and physical control over assets to prevent their improper use are all examples of preventive controls.

Detective controls are designed to search for and identify errors after they have occurred. They are more expensive than preventive controls, but still essential since they measure the effectiveness of preventive controls and are the only way to effectively control certain types of errors. Account reviews and reconciliations, observations of payroll distribution, periodic physical inventory counts, passwords, transaction edits and internal auditors are all examples of detective controls.

Corrective controls are designed to prevent the recurrence of errors. They begin when improper outcomes occur and are detected, and they focus the "spotlight" on the problem until management can solve the problem or correct the defect. Quality circle teams and budget variance reports are examples of corrective controls.

You can evaluate controls in your department's operations by following the same process.

CONTROL ACTIVITIES

Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel.
This is not an all-inclusive list, but it represents some examples of common control activities:

Detective controls are security controls that are designed to detect, log, and alert after an event has occurred. Detective controls are a foundational part of governance frameworks. These guardrails are a second line of defense, notifying you of security issues that bypassed the preventative controls.

For example, you might apply a detective control that detects and notifies you if an Amazon Simple Storage Service (Amazon S3) bucket becomes publicly accessible. While you might have preventative controls in place that disable public access to S3 buckets at the account level and then disable access through SCPs, a threat actor can circumvent these preventative controls by logging in as an administrative user. In these situations, a detective control can alert you to the misconfiguration and potential threat.

Objectives
Process

You implement detective controls in two phases. First, you set up the system to log events and resource states to a centralized location, such as Amazon CloudWatch Logs. After centralized logging is in place, you analyze those logs to detect anomalies that might indicate a threat. Each analysis is a control that is mapped back to your original requirements and policies. For example, you can create a detective control that searches the logs for a specific pattern and generates an alert if it matches. Detective controls are used by security teams to improve their overall visibility into threats and risks that their system might be exposed to.

Use cases

Detection of suspicious behavior

Detective controls help identify any anomalous activity, such as compromised privileged user credentials or access to or exfiltration of sensitive data. These controls are important reactive factors that can help your company identify and understand the scope of anomalous activity.

Detection of fraud

These controls help detect and identify a threat inside your company, such as a user who is circumventing policies and performing unauthorized transactions.

Compliance

Detective controls help you meet compliance requirements, such as Payment Card Industry Data Security Standard (PCI DSS), and can help prevent identity theft. These controls can help you discover and protect sensitive information that is subject to regulatory compliance, such as personally identifiable information.

Automated analysis

Detective controls can automatically analyze logs to detect anomalies and other indicators of unauthorized activity. You can automatically analyze logs from different sources, such as AWS CloudTrail logs, VPC Flow Logs, and Domain Name System (DNS) logs, for indications of potentially malicious activity. To help with organization, aggregate security alerts or findings from multiple AWS services to a centralized location.
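The second phase of the process above (searching centralized logs for a pattern and raising a finding), applied to the S3 public-access case the page describes. This is an added example, not code from the original page or from AWS. The sample events are constructed, their `requestParameters` layout is an assumed, trimmed CloudTrail shape, all function names are hypothetical, and skipping statements that carry a `Condition` is a simplification.

```python
# Constructed sample events; the requestParameters layout is an assumed, trimmed CloudTrail shape.
ADMIN = {"arn": "arn:aws:iam::111122223333:user/admin-example"}
PUBLIC_STMT = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}
ROLE_STMT = dict(PUBLIC_STMT, Principal={"AWS": "arn:aws:iam::111122223333:role/app-example"})
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def s3_event(name, bucket, params=None, **extra):
    return {"eventSource": "s3.amazonaws.com", "eventName": name, "userIdentity": ADMIN,
            "requestParameters": {"bucketName": bucket, **(params or {})}, **extra}

SAMPLE_EVENTS = [
    s3_event("PutBucketPolicy", "example-reports", {"bucketPolicy": {"Statement": [PUBLIC_STMT]}}),
    s3_event("PutBucketPolicy", "example-app", {"bucketPolicy": {"Statement": ROLE_STMT}}),
    s3_event("DeleteBucketPublicAccessBlock", "example-logs"),
    s3_event("DeleteBucketPublicAccessBlock", "example-hr", errorCode="AccessDenied"),  # denied
    s3_event("PutBucketPublicAccessBlock", "example-web", {"PublicAccessBlockConfiguration":
             {**dict.fromkeys(PAB_KEYS, True), "BlockPublicPolicy": False}}),
]

def policy_is_public(policy):
    """True if an unconditioned Allow statement names a wildcard principal."""
    stmts = policy.get("Statement", [])
    for stmt in stmts if isinstance(stmts, list) else [stmts]:
        who = stmt.get("Principal")
        aws = who.get("AWS", []) if isinstance(who, dict) else who
        wildcard = "*" in (aws if isinstance(aws, list) else [aws])
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            return True
    return False

def detect_public_exposure(events):
    """Return one finding per successful call that opens a bucket to the public."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com" or ev.get("errorCode"):
            continue  # other services, or a failed call that changed nothing
        name, params = ev.get("eventName"), ev.get("requestParameters") or {}
        pab = params.get("PublicAccessBlockConfiguration") or {}
        reason = None
        if name == "PutBucketPolicy" and policy_is_public(params.get("bucketPolicy") or {}):
            reason = "bucket policy allows any principal"
        elif name == "DeleteBucketPublicAccessBlock":
            reason = "public access block removed"
        elif name == "PutBucketPublicAccessBlock" and not all(pab.get(k) for k in PAB_KEYS):
            reason = "public access block weakened"
        if reason:
            findings.append({"bucket": params.get("bucketName"), "reason": reason,
                             "actor": ev.get("userIdentity", {}).get("arn")})
    return findings
```

Each finding records the acting identity, which matters for the scenario above where an administrative user bypasses the preventative controls.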
Technology

A common detective control is implementing one or more monitoring services, which can analyze data sources, such as logs, to identify security threats. In the AWS Cloud, you can analyze sources such as AWS CloudTrail logs, Amazon S3 access logs, and Amazon Virtual Private Cloud flow logs to help detect unusual activity. AWS security services, such as Amazon GuardDuty, Amazon Detective, AWS Security Hub, and Amazon Macie have built-in monitoring functionalities.

GuardDuty and Security Hub

Amazon GuardDuty uses threat intelligence, machine learning, and anomaly-detection techniques to continuously monitor your log sources for malicious or unauthorized activity. The dashboard provides insights into the real-time health of your AWS accounts and workloads. You can integrate GuardDuty with AWS Security Hub, a cloud security posture management service that checks for adherence to best practices, aggregates alerts, and enables automated remediation. GuardDuty sends findings to Security Hub as a way to centralize information. You can further integrate Security Hub with security information and event management (SIEM) solutions to extend monitoring and alerting capabilities for your organization.

Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help discover and protect sensitive data in AWS. The following are some of the detective controls and features available in Macie:
The following are best practices for configuring detective controls in Macie:
AWS Config

AWS Config audits and records the compliance of AWS resources. AWS Config discovers existing AWS resources and generates a full inventory, along with the configuration details of each resource. If there are any configuration changes, it records those changes and provides notification. This can help you detect and roll back unauthorized infrastructure changes. You can use AWS managed rules and can create custom rules. The following are best practices for configuring detective controls in AWS Config:
Trusted Advisor

AWS Trusted Advisor can be used as a service for detective controls. Through a set of checks, Trusted Advisor identifies areas where you can optimize your infrastructure, improve performance and security, or reduce costs. Trusted Advisor provides recommendations based on AWS best practices that you can follow to improve your services and resources. Business and Enterprise Support plans provide access to all available checks for the pillars of the AWS Well-Architected Framework. The following are best practices for configuring detective controls in Trusted Advisor:
Amazon Inspector

Amazon Inspector is an automated vulnerability management service that, after being enabled, continuously scans your workloads for any unintended network exposure or software vulnerabilities. It contextualizes findings into a risk score that can help you determine next steps, such as remediating or confirming compliance status. The following are best practices for configuring detective controls in Amazon Inspector:
Business outcomes

Less human effort and error

You can achieve automation by using infrastructure as code (IaC). Automating deployment, configuration of monitoring and remediation services and tools reduces the risk of manual errors and reduces the amount of time and effort required to scale these detective controls. Automation helps with the development of security runbooks and reduces manual operations for security analysts. Regular reviews help tune the automation tools and continuously iterate and improve the detective controls.

Appropriate actions against potential threats

Capturing and analyzing events from logs and metrics is crucial to gaining visibility. This helps analysts act on security events and potential threats to help secure your workloads. Being able to quickly identify which vulnerabilities exist helps analysts take appropriate actions to address and remediate them.

Better incident response and investigative handling

Automation of detective control tools can increase the speed of detection, investigation, and recovery. Automated alerting and notifications based on defined conditions enable security analysts to investigate and respond appropriately. These responsive factors can help you identify and understand the scope of anomalous activity.

What are examples of detective controls?

Examples of detective controls include:
Monthly reconciliations of departmental transactions.
Review organizational performance (such as a budget-to-actual comparison to look for any unexpected differences).
Physical inventories (such as a cash or inventory count).

Which one of the following is a detective control?

Audit trails

The correct answer is: D. Audit trails

Explanation: Audit trails capture information, which can be used for detecting errors. Therefore, they are considered to be detective controls.
What are the 3 control types?

Types of Controls
Preventive controls are proactive in that they attempt to deter or prevent undesirable events from occurring.
Corrective controls are put in place when errors or irregularities have been detected.
Detective controls provide evidence that an error or irregularity has occurred.

Which of the following is an example of detective controls quizlet?

Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control? Segregation of duties over cash disbursements.