In the field of information security, a number of countermeasures are used to protect information assets. The countermeasures available to security administrators are classified as preventive, detective or corrective in function. A detective control is designed to detect attacks against information systems and prevent them from being successful. Detective controls are also designed to detect system or hardware failures and provide adequate warning to system administrators to prevent system interruptions.
Physical Security
Physical security surrounding IT areas should include a number of access controls that are detective in nature, such as video monitoring stations, door alarms, motion detectors, and smoke and fire alarms. While these measures seem conventional and not part of IT infrastructure, they are integral to the protection of information assets and valid components of a layered approach to IT security. If IT resources are not manned on a 24-hour basis, alarms and detectors can be linked to reputable alarm services or local law enforcement when the small business is closed.
Intrusion Detection Systems
An intrusion detection system (IDS) is a device or software application that monitors computer systems for malicious activity, policy violations or other prohibited usage. An IDS can alert the system administrator on duty and automatically respond to prevent the intrusion. In addition, some IDS can capture and preserve information concerning the attempted attack or intrusion and provide identifying information on the attacker, such as IP and MAC addresses.
Antivirus Protection
Antivirus software is designed to monitor computer systems to identify computer viruses or malware of all types and prevent infections in real time. Antivirus software must be updated frequently to keep pace with new viruses, bots, Trojan horses and other exploits discovered daily. Some types of antivirus have the ability to test files for similarities to known viruses or run the files in a protected area to see if any malicious characteristics are found.
System Monitoring and Logging
System and network monitoring tools record log-ins and access to particular applications. These tools are used to monitor and preserve the activities of authorized users. System monitoring also alerts system administrators to violations of policy, such as unacceptable use of the Internet or company email and unauthorized access to protected areas requiring privileged access.
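The log-in and application-access monitoring described above can be sketched as a small detective control. This is an added example, not code from the original article; the log format, user names, addresses, application names and policy values are all constructed assumptions.

```python
from collections import Counter

# Constructed sample records: timestamp, user, source IP, application, outcome.
SAMPLE_LOG = """\
2024-03-04T08:58:11 alice 10.0.0.21 email LOGIN_OK
2024-03-04T09:02:40 bob 10.0.0.34 payroll LOGIN_FAIL
2024-03-04T09:02:49 bob 10.0.0.34 payroll LOGIN_FAIL
2024-03-04T09:02:57 bob 10.0.0.34 payroll LOGIN_FAIL
2024-03-04T09:15:03 carol 10.0.0.40 payroll LOGIN_OK
2024-03-04T23:41:30 dave 10.0.0.52 payroll LOGIN_OK
"""

# Assumed policy for this example (hypothetical values).
RESTRICTED_APPS = {"payroll": {"carol"}}  # application -> users allowed to use it
FAIL_THRESHOLD = 3                        # failed log-ins per user before alerting


def parse(line):
    """Split one whitespace-delimited record into named fields."""
    ts, user, ip, app, outcome = line.split()
    return {"ts": ts, "user": user, "ip": ip, "app": app, "outcome": outcome}


def detect(log_text):
    """Return a list of (rule, user, detail) alerts for the given log text."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["outcome"] == "LOGIN_FAIL":
            failures[ev["user"]] += 1
            # Alert once, when the threshold is reached, and keep the source IP.
            if failures[ev["user"]] == FAIL_THRESHOLD:
                alerts.append(("repeated_failures", ev["user"], ev["ip"]))
            continue
        # Successful log-in: check it against the restricted-application policy.
        allowed = RESTRICTED_APPS.get(ev["app"])
        if allowed is not None and ev["user"] not in allowed:
            alerts.append(("unauthorized_app_access", ev["user"], ev["app"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The control only reports: it records who triggered each rule and from where, leaving the response to the administrator who receives the alert.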