Which of the following controls would BEST detect intrusion?
User IDs and user privileges are granted through authorized procedures.
Automatic logoff is used when a workstation is inactive for a particular period of time.
Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
Unsuccessful logon attempts are monitored by the security administrator.
Intrusion is detected by the active monitoring and review of unsuccessful logons. User IDs and the
granting of user privileges define a policy, not a control. Automatic logoff is a method of preventing
access on inactive terminals and is not a detective control. Unsuccessful attempts to log on are a
method for preventing intrusion, not detecting.