Options
Auditing Technical or Administrative??
Ive a funny feeling this question will cause an argument but does anybody know the official ISC2 line on whether auditing is an administrative control or a technical control??
Thanks
Niall.nf
Thanks
Niall.nf
Comments
-
Options
paul78
Member Posts: 3,016 ■■■■■■■■■■
From my perspective, auditing is a form of monitoring which is performed by subject matter experts who utilize administrative processes - hence it's an administrative control.
I'm pretty sure that the ISC2 body of knowledge would consider it an administrative control as well. -
Options
atx1975
Member Posts: 17 ■■■□□□□□□□
I have not researched the answer, but I also believe this is Administrative control. -
Options
beads
Member Posts: 1,531 ■■■■■■■■■□
If you can point out a true technical control involving audit, DLP combined with SIEM logging as a technical control for audit then I wouldn't hesitate to agree that audit is a technical control. Otherwise 99% of audit is administrative in nature in the first place, no?
Machines do not specifically check policy on there own - let alone write and enforce.
- B Eads -
Optionsseuss_ssues
Member Posts: 629
Creating policies that require auditing would be administrative control. The actual auditing itself is a technical control. Reviewing the audit logs via an auditor is also an administrative control.
-
Optionsniall.nf
Member Posts: 21 ■□□□□□□□□□
Hi guys..thanks for the feedback, and as I thought there was divided opinions on the topic, however just to clear up I did a little research and according to ISC2 auditing is a technical control! They seem to look at it from the auditing log files pov.