Which security measure is focused on identifying security incidents?

Prepare for the Security Analyst Incident Response Exam. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Detective controls are specifically designed to identify security incidents as they occur or shortly thereafter. These controls help monitor systems and networks for suspicious activities or breaches, allowing organizations to respond quickly to potential threats. Examples of detective controls include intrusion detection systems, security information and event management (SIEM) systems, and regular audits. Their primary goal is to provide visibility into security events, thereby enabling organizations to take timely action to mitigate risks.

In contrast, preventive controls are aimed at stopping security incidents before they happen; these include firewalls and access control mechanisms. Responsive controls refer to measures taken in direct response to an incident, which may include action plans and processes executed once a threat has been identified. Corrective controls are implemented after an incident to restore systems and improve defenses, focusing on remediation rather than detection. Hence, the focus of the correct choice is specifically on the identification of incidents, which is the role of detective controls.
