Accounting, Auditing, and Accountability

I3A

The diagram and the following concepts are addressed in the official study guide, (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide:

  • Auditing: recording a log of the events and activities related to the system and subjects.
  • Accounting (aka accountability): reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.

But I don't agree with it. I would address Accounting, Auditing, and Accountability as follows:

Accountability is established through auditing, an independent and systematic security assessment. Accounting is the process of writing logs of the activities of subjects on objects. An audit trail is the collection of those logs from which accountability is established. Log review is one of the most common security assessment techniques used in an information systems audit.

In summary,

  • Accountability is concluded by auditing.
  • Auditing is an independent and systematic security assessment; log review is one of the most common security assessment techniques.
  • Accounting produces logs as audit trails to support auditing.
  • Logs reflect the activities of the authenticated subject.
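As an added illustration (not code from the original post or from the study guide), the following Python sketch separates the three concepts: `account()` is the accounting step that writes one log entry per subject activity, `review_trail()` is the audit's log review of that trail against a policy, and the findings it returns, keyed by authenticated subject, are what accountability rests on. The policy, subject names, object name and timestamps are constructed for the example.

```python
# Constructed policy (hypothetical): allowed (subject, action, object) tuples.
POLICY = {
    ("alice", "read", "payroll.db"),
    ("alice", "write", "payroll.db"),
    ("bob", "read", "payroll.db"),
}

def account(trail, ts, subject, action, obj, outcome):
    """Accounting: append one log entry for an activity of a subject on an object.
    `subject` is the authenticated identity; None models an unauthenticated actor."""
    entry = {"ts": ts, "subject": subject, "action": action,
             "object": obj, "outcome": outcome}
    trail.append(entry)
    return entry

def review_trail(trail, policy):
    """Auditing (log review): check every entry of the audit trail against
    policy and return findings keyed by subject, the basis for accountability."""
    findings = {}
    for e in trail:
        key = (e["subject"], e["action"], e["object"])
        if e["subject"] is None:
            # No authenticated subject: the entry cannot support accountability.
            findings.setdefault("<unattributed>", []).append(
                f"{e['ts']} {e['action']} {e['object']} has no authenticated subject")
        elif key not in policy and e["outcome"] == "success":
            # Succeeded outside policy: a violation by the subject and evidence
            # that the access control did not enforce the policy.
            findings.setdefault(e["subject"], []).append(
                f"{e['ts']} VIOLATION: {e['action']} {e['object']} succeeded outside policy")
        elif key not in policy:
            # Denied attempts are still attributed to the subject who made them.
            findings.setdefault(e["subject"], []).append(
                f"{e['ts']} attempted {e['action']} {e['object']} (denied)")
    return findings

def demo_trail():
    """Constructed sample activity; returns the audit trail that accounting produced."""
    trail = []
    account(trail, "2024-01-01T09:00:00Z", "alice", "read", "payroll.db", "success")
    account(trail, "2024-01-01T09:05:00Z", "bob", "write", "payroll.db", "denied")
    account(trail, "2024-01-01T09:07:00Z", "bob", "write", "payroll.db", "success")
    account(trail, "2024-01-01T09:10:00Z", None, "read", "payroll.db", "success")
    return trail

if __name__ == "__main__":
    for subject, items in review_trail(demo_trail(), POLICY).items():
        print(subject, items)
```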

Your feedback and comments are always welcome!
