CISM Certified Information Security Manager – Question1286

An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?

A.
Deploying a security information and event management system (SIEM)
B. Deploying an intrusion prevention system (IPS)
C. Implementing a data loss prevention (DLP) suite
D. Conducting regular system administrator awareness training

Correct Answer: A