Continuous Assurance Metrics


Understanding the difference between CCM v4 controls LOG-05 and SEF-06

  • 1.  Understanding the difference between CCM v4 controls LOG-05 and SEF-06

    Posted Apr 22, 2021 05:47:00 PM
    Do the CCM v4 Implementation Guidelines clarify the difference between LOG-05 and SEF-06? If so, then can someone explain the difference(s)? I ask because we are working on finalizing continuous audit metrics for them, but I am having a hard time distinguishing between the two.

    Thanks in advance for the help.

    ------------------------------
    Mosi Platt
    ------------------------------


  • 2.  RE: Understanding the difference between CCM v4 controls LOG-05 and SEF-06

    Posted Apr 23, 2021 08:31:00 AM
    Hi Mosi,

    Both LOG-05 and SEF-06 are closely related, but with a subtle difference. Here is what I believe to be the difference.

    LOG-05 is more specific to security audit log monitoring and automation of appropriate response.

    SEF-06 is much broader in scope, including processes, procedures, and technical measures (including log analysis and automation of response) that support the investigation and evaluation of security-related events to facilitate rapid analysis of event information and engagement of the incident response process.

    Regards,

    Michael Bayere






  • 3.  RE: Understanding the difference between CCM v4 controls LOG-05 and SEF-06

    Posted Apr 23, 2021 10:38:00 AM
    Thanks for clarifying, Michael!

    ------------------------------
    Mosi Platt
    ------------------------------



  • 4.  RE: Understanding the difference between CCM v4 controls LOG-05 and SEF-06

    Posted Apr 23, 2021 12:22:00 PM
    You are welcome, Mosi!

    Michael