SSCP Exam: Assessing Controls for Audit Trails

Least Likely Questions for Assessing Audit Trail Controls


Question

Which of the following questions is least likely to help in assessing controls covering audit trails?

Answers

Explanations


B.

Audit trails maintain a record of system activity by system or application processes and by user activity.

In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems.

Audit trail controls are considered technical controls.

Monitoring and tracking of incidents is more an operational control related to incident response capability.

Reference(s) used for this question: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-50 to A-51)

NOTE: NIST SP 800-26 has been superseded by FIPS 200, SP 800-53, and SP 800-53A. You can find the new replacement at: http://csrc.nist.gov/publications/PubsSPs.html. However, if you really wish to see the old standard, it is listed as an archived document at: http://csrc.nist.gov/publications/PubsSPArch.html.

All of the given questions are relevant in assessing controls covering audit trails, but among them, option B "Are incidents monitored and tracked until resolved?" is least likely to help in assessing controls covering audit trails.

Explanation:

A. "Does the audit trail provide a trace of user actions?" - This question helps in understanding the extent to which audit trails capture user actions. Audit trails should provide complete and accurate records of user activity to ensure accountability and traceability.

B. "Are incidents monitored and tracked until resolved?" - While this question is important for incident management, it is not directly relevant to assessing controls covering audit trails. Incident management focuses on detecting, responding to, and resolving security incidents, whereas audit trails focus on recording and analyzing system activity.

C. "Is access to online logs strictly controlled?" - This question helps in evaluating the security of audit trails. Online logs should be protected from unauthorized access to ensure the integrity of audit trail data.

D. "Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?" - This question helps in evaluating the effectiveness of controls around the audit trail function. Separation of duties is an important control to prevent conflicts of interest and ensure the accuracy and completeness of audit trail data.

In conclusion, all of the questions are relevant in assessing controls covering audit trails, but option B is the least relevant as it focuses on incident management rather than audit trail controls.