Logging is an example of which control category?

Logging is primarily categorized as a detection control. It involves recording and storing events and activities that occur within a system or network, which serves to identify and monitor for security incidents and anomalies. The main goal of logging is to provide data that can be used to detect unauthorized activities or breaches after they have occurred.

When an event is logged, it allows security personnel to analyze the logs for patterns that may indicate a security threat or a breach attempting to be disguised. This makes logging an essential component in the incident detection process, as it helps organizations recognize issues in a timely manner.

While it might be considered an element of auditing, in the context of this question, the focus is on the function of logging in identifying and responding to incidents, which aligns with the definition of detection controls. Preventive controls are designed to stop incidents from occurring in the first place, while limiting controls aim to restrict the impact of incidents that do occur. Hence, logging does not fit within the categories of prevention or limitation in this context.