Posted on by Wentz Wu
The diagram and the following concepts are addressed in the official study guide, (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide:
- Auditing: recording a log of the events and activities related to the system and subjects.
- Accounting (aka accountability): reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.
But I don’t agree with it; I would address Accounting, Auditing, and Accountability as follows:
Accountability can be concluded through auditing, an independent and systematic security assessment. Accounting is the process of writing logs of the activities of subjects and objects. An audit trail is a collection of logs used to conclude accountability. Log review is one of the most common security assessment techniques used in an information systems audit.
In summary,
- Accountability is concluded by auditing.
- Auditing is an independent and systematic security assessment; log review is one of the most common security assessment techniques.
- Accounting produces logs as audit trails to support auditing.
- Logs reflect the activities of the authenticated subject.
Your feedback and comments are always welcome!