Logging is an example of which type of defense against systems compromise?

Prepare for CISSP Domain 2 Information Risk Management. Study with multiple choice questions, each question offers insights and explanations. Ace your exam!

Logging is a fundamental element of a detection strategy in information security. It involves the systematic recording of events, actions, and transactions occurring within a system or network. These records can reveal patterns that point to unauthorized access, malware activity, or other signs of a system compromise.

By maintaining detailed logs, an organization can monitor for anomalies that trigger alerts, allowing for timely identification of potential security incidents. This ability to detect and analyze suspicious activities enhances situational awareness and supports incident response efforts.

The other types of defenses mentioned, such as containment, reaction, and recovery, serve different purposes within the broader scope of security measures. Containment aims to limit the scope and impact of a security breach, while reaction involves the immediate response to an incident to mitigate harm. Recovery focuses on restoring systems and data to a normal operational state after an incident occurs. Each of these plays a vital role in an overall security strategy, but logging specifically aligns with the detection of compromises in systems.
