Audit Trails, Transaction Trails, Logging, and Activity Reports

 Risks, Vulnerabilities and Threats

  • Inability to understand where, when, and by who performed add, update, delete activity for information
  • Inability to review audit trail information and highlight anomalous behavior for users viewing and updating information
  • Inability to identify actual users because of inherited rights or ID/Password sharing

 

Control Objectives and Operational Goals

  • Audit Trails need to be generated for:
    • End users of applications including web applications
    • System Administrators
    • Security Administrators
    • Data Base Administrators
    • System/application programmers
    • Job Schedulers
  • Create and review reports highlighting anomalous activity and behavior patterns
  • Production activity reports indicating processing successes and the details of processing failures
  • Report creation from logs need to be continually reviewed as operating systems, web servers, DBMS’s, and network configurations change
  • Report reviewers need to discuss unacceptable behaviors and suggestions for change with users