2003-07-30T16:48:57 Tina Bird:

> Anyone want to take a stab at definitions of auditing and logging, and
> most in particular, how they differ?

Err --- they're only loosely related. Logging is one component of the sort of control systems that audits cover.

Auditing is analysis of process controls --- the sort of controls that are designed to prevent people from doing naughty things. Auditing consists of two parts: first, there's the analysis to determine that the control systems specified by policy are a reasonable match for the organization's needs. In the case of mature, stable fields, like e.g. financial analysis and accounting, this might be a rubber-stamp, where the real gamesmanship happens in the lobbying organizations trying to manipulate standards organizations. In immature, rapidly-changing fields like computer security, where a phrase like "best practice" is only used by lying vermin, this preliminary phase of analysis, does policy meet needs, is often the most important.

The second phase of auditing analysis consists of confirming that the implementation of controls matches the intent stated by policy. When one of the controls is a logging system, then part of the audit may include validating the operation of that logging and confirming that the logs are being appropriately archived and/or reported on.

Logging (etymology tracing back to the ship's logbook, the record of routine, in turn named after the log, a wedge of wood on the end of a knotted twine, used to measure ship speed through the water) consists of creation and maintenance of regular records of activities. It has importance in control systems (as in, the meat of audits) and computer security (a specific domain of control systems) because guaranteeing that violations of policy are impossible is often impractically expensive; logging can help arrange for a weaker guarantee, that violations cannot be committed indetectably, and that weaker guarantee is sometimes a better value for expense.

> References also greatly appreciated [...]

That I can't help with, sorry.

-Bennett