I'm studying for the CCSP exam and one of the examples of technical controls (referenced in the course training material) confuses me:

Technical controls, also referred to as logical controls, are those controls that enhance some facets of the CIA triad, usually operating within a system, often in electronic fashion. Possible technical controls include encryption mechanisms, access control lists to limit user permissions, and audit trails and logs of system activity.

Can someone please explain why logs, in and of themselves, can be considered a technical control? To me, it seems like logs would be something that's not a control by itself, but a resource that aids other technical controls (like an alert monitor that reviews log material and warns administrators, etc.).

Mike B

1 Answer

Logs are a detective control - they allow you to detect activities that you would like to control. Obviously, they do it in an electronic fashion, making them a technical control by the definition you've provided (as opposed to procedural controls, for example).

You seem to be thinking more of preventive controls, which block activity you would like to control before it happens. Technical controls are often preventive, by their nature, but they don't need to be.

Distinctions like technical and procedural indicate how a control works. Distinctions like preventive and detective indicate when a control works.

gowenfawr
  • Thanks for your insight and patience. I'm pretty sure I'm overthinking this... I guess I'm still struggling to understand how log information _by itself_ is a detective control? Wouldn't a detective control be some security measure or tool that is reviewing/reading/parsing the log data and performing some action based on it? – Mike B Jun 14 '18 at 15:04
  • Never mind. On the 4th time reading your answer, I think it "clicked". Thanks. – Mike B Jun 14 '18 at 15:05
  • To say that "logs" are a technical control is to say that "the generation, transmission, parsing, storage, and usability for searching and alerting of logs" is a technical control. – gowenfawr Jun 14 '18 at 15:15