Detective describes a control type in information security that identifies security events after they have occurred. Detective controls answer the question: “Did something happen that should not have?”
Examples include intrusion detection systems (IDS), log analysis, SIEM correlation rules, and video surveillance. Detective controls sit alongside preventive (prevent incidents), corrective (repair damage), and deterrent controls. In a mature ISMS, all types complement each other: where prevention fails, detection kicks in and enables a rapid response before damage escalates.