Audit Trail

Audit trails are logs that can be designed to record activity at the system, application, and user level.

When properly implemented, audit trails provide an important detective control.

An effective audit policy will capture all significant events without cluttering the log with trivial activity.

Audit Trail Objectives:

• Detecting unauthorized access to the system,
• Facilitating the reconstruction of events, and
• Promoting personal accountability.

Detecting Unauthorized Access:

Detecting unauthorized access can occur in real time or after the fact.

• Real time report the event in real time but overload the system.
• After-the-fact detection logs can be stored electronically and reviewed periodically or as needed.

Reconstructing Events: Helps to reconstruct the steps that led to events such as system failures, security violations etc.

Personal Accountability: This capability is a preventive control that can be used to influence behavior. Individuals are likely to violate any organization policy, if they think that they will not be caught.