Auditing and Logging Policy
Originally Published: Jan 2015
Many computer systems, network devices and other technological hardware used in the enterprise possess the capability to audit and log various activities. These activities include network traffic, internet access, creating or deleting users, adding users to groups, changing file permissions, transferring files, opening the case, powering off, deleting system logs, and anything else a user, administrator or the system itself might do.
Auditing and logging is the first line of defense for ensuring system and environmental integrity and troubleshooting problems in a mission-critical environment. Whether an administrator makes a mistake, a hardware component fails, a hacker breaches a system, an inordinate amount of network bandwidth is being consumed, or a user attempts to gain unauthorized access to a database, audit logs will help pinpoint what happened and how to resolve the issue.
Collecting events in log files is only half the goal; establishing a framework for monitoring and reviewing events is the other half, so that day-to-day administration, critical issues and security-related incidents can be handled appropriately. Therefore, following a set of guidelines to implement and administer effective auditing and logging is a critical task for any IT department.
This Auditing and Logging Policy provides guidelines for the appropriate use of auditing and logging in computer systems, networks and other devices that store or transport critical and/or security-sensitive data. It includes methods for securing logs and interpreting the resulting data to make the best use of it. It can be used as is by your organization or serve as a template for a revised version.