Expert Advice Community

Guest

ISO 27002 and application of control A.9.4.4

  Quote
Guest
Guest user Created:   Jun 20, 2017 Last commented:   Jun 20, 2017

ISO 27002 and application of control A.9.4.4

Regarding ISO 27002 and aplication of control A.9.4.4, in my opinion the control wants to have control over activity of SysAdmins when they use priviledged applications or tools. The auditee thinks that is enought with the Knoledge of the users who log in and log out. I think I am right, but I want others opinions in order to open the auditee's mind. What is your opinion ??
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 20, 2017

Answer: According ISO 27002, one of the recommendations for control 9.4.4 (Use of privileged utility programs) is the logging of all use of utility programs, and there is no recommendation for only logging log in and log out activities in that control (such recommendation belongs to control A.12.4.1 - Event logging).

Regarding orientations to the auditee, this will depend on how are you using the ISO 27001 and ISO 27002 standards. ISO 27001 covers requirements for information security management systems, one of them the performing of risk assessments. ISO 27002 cover recommendations for the implementation of controls defined in ISO 27001 Annex A. So, if you want to fo llow ISO 27002 completely then you would need to log the activities. However, if you follow ISO 27001 then you need to check the results of risk assessment, and based on those results decide whether logging the activities is necessary or not.

Additionally, you can point to the auditee that his interpretation about what should be logged refers to another control, and that during a periodic review, or in case of an incident, the recommendations of control A.9.4.4 can be more helpful, because with information about which activities were performed it will be easier is to discover unauthorized use or what happened in case of an incident, reducing response time to take proper corrective and recovery measures.

These articles will provide you further explanation about logging and monitoring:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/blog/2015/11/23/logging-and-monitoring-according-to-iso-27001-a-12-4/

These materials will also help you regarding logging and monitoring:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0
Guest
carlosluque Jun 20, 2017
Thanks a lot. Your response has been very helpful.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 20, 2017

Jun 20, 2017

Suggested Topics