Log monitoring and review
Assign topic to the user
NOTE : 'Control 12.4 Logging and Monitoring' has been marked applicable in the Statement of Applicability.
Answer: By monitoring you are collecting and recording information about specific events, while review refers to a critical evaluation of the gathered results (and sometimes the set of data can show relevant information that cannot be seen from isolated events), so these are different actions, and control A.12.4.1 (Event logging Control) requires not only log recording, but also the review of the collected data.
This article will provide you further explanation about log and monitoring:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
These materials will also help you regarding log and mon itoring:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
May 01, 2018