Audit trails are logs that can be designed to record activity at the system, application, and user level.
When properly implemented, audit trails provide an important detective control.
An effective audit policy will capture all significant events without cluttering the log with trivial activity.
Audit Trail Objectives:
Detecting unauthorized access can occur in real time or after the fact.
Reconstructing Events: Helps to reconstruct the steps that led to events such as system failures, security violations etc.
Personal Accountability: This capability is a preventive control that can be used to influence behavior. Individuals are likely to violate any organization policy, if they think that they will not be caught.
Explore All Chapters