What is an example of a detective control in cybersecurity?

Detective controls are security measures that are designed to identify and detect unauthorized access or anomalies in systems and networks. An intrusion detection system (IDS) is a classic example of a detective control because it actively monitors network traffic or system activity for signs of suspicious behavior or known threats. When an IDS detects such activities, it can alert administrators, enabling them to respond quickly to potential security incidents.

In cybersecurity, other examples of detective controls include logging and monitoring activities, security information and event management (SIEM) systems, and various forms of anomaly detection. While firewalls, encryption methods, and security audits play important roles in security, they serve primarily as preventative (firewalls) or protective measures (encryption) rather than focusing on detection. Regular security audits can help assess the effectiveness of existing controls but are not primarily designed to identify active threats. Thus, the detection capability of an IDS makes it a quintessential example of a detective control in cybersecurity.