Auditing Technical or Administrative??
I've a funny feeling this question will cause an argument, but does anybody know the official ISC2 line on whether auditing is an administrative control or a technical control?
Thanks
Niall.nf
Comments
-
paul78 Member Posts: 3,016
From my perspective, auditing is a form of monitoring which is performed by subject matter experts who utilize administrative processes - hence it's an administrative control.
I'm pretty sure that the ISC2 body of knowledge would consider it an administrative control as well.
-
atx1975 Member Posts: 17
I have not researched the answer, but I also believe this is an administrative control.
-
beads Member Posts: 1,533
If you can point out a true technical control involving audit, DLP combined with SIEM logging as a technical control for audit, then I wouldn't hesitate to agree that audit is a technical control. Otherwise 99% of audit is administrative in nature in the first place, no?
Machines do not specifically check policy on their own - let alone write and enforce.
- B Eads
-
seuss_ssues Member Posts: 629
Creating policies that require auditing would be administrative control. The actual auditing itself is a technical control. Reviewing the audit logs via an auditor is also an administrative control.
-
niall.nf Member Posts: 21
Hi guys... thanks for the feedback, and as I thought there were divided opinions on the topic. However, just to clear up, I did a little research and according to ISC2 auditing is a technical control! They seem to look at it from the auditing log files POV.