（2006）ISACA_The Need for an Implementation of Audit Trails.pdfVIP

Copyright © 2006 ISACA. All rights reserved. . The Need for and Implementation of Audit Trails By D.K. Agarwal, CIQA illions of transactions pour into an organization’s with the evolution of sophisticated database management online system every week. All government agencies systems that are capable of throwing exceptions on the desired Mand their commercial contractors with access to events, the implementation of these techniques has become classified intelligence information are legally required to secure relatively easy. their systems to ensure the integrity, availability and However, the application of audit trails in most organizations confidentiality of data. The need is equally critical at corporate is limited to an evidence provider after the security incident and business organizations. While most of the efforts are made takes place and is reported. Even in organizations where audit to prevent unauthorized access from outsiders, statistics reveal trails are analyzed periodically, audit reduction tools have to be that insider attacks have caused equally severe damage to applied to search for relevant evidence. The exponential growth organizations’ data and assets.1 of transaction volumes handled by an enterprise, as well as the Some of the legislation issued in the US to reduce the opening up of organizations’ boundaries, has posed a fresh security risks related to sensitive information include: challenge to auditors to have another look at the judicious • National Industrial Security Protection Operating Manual application of this powerful tool. (NISPOM)