Monday, March 8, 2021

Audit Trail

We do a much better job of designing our access controls than we do designing our audit trail.  We should start by identifying what an audit trail should do for us.  It should enable management to determine:

  • how every record or object (e.g. program, file, record) got to look the way it looks currently,
  • how every record or object looked at any given time in the past,
  • and to fix accountability for every significant event or change on a single process or individual.
The result should be reliable and resistant to fraudulent modification. 

This requires not only that there be logs and journals of every relevant event, but that they be related in such a way as to support each other.  There should be logs or journals on both sides of any interface where control passes from one process or person to another.  For example, an application should log every request that it makes of the database manager and the result that it gets back.  The database manager should record every request that it receives and what response it returned.

Logs and journals should be protected from late, or potentially fraudulent, modification.  Consider reconciliation of the results of the independent processes on both sides of the interface, "write-only" processes or storage, or blockchains.  The correction of errors should be memorialized by new correcting entries, never by changing earlier entries.  
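As an added illustration (not code from the original post), the following sketch reconciles the application's journal against the database manager's journal of the same interface. The shared `req_id` field, the entry layout, and the sample entries are assumptions constructed for the example.

```python
from collections import Counter

def reconcile(app_log, db_log):
    """Return (req_id, finding) pairs where the two journals disagree."""
    findings = []
    # A request identifier that appears twice on one side is itself a finding.
    for name, log in (("application", app_log), ("database", db_log)):
        counts = Counter(e["req_id"] for e in log)
        findings += [(r, f"duplicate entry in {name} log")
                     for r, n in counts.items() if n > 1]
    app = {e["req_id"]: e for e in app_log}
    db = {e["req_id"]: e for e in db_log}
    for rid in sorted(app.keys() | db.keys()):
        a, d = app.get(rid), db.get(rid)
        if a is None:
            findings.append((rid, "received by database, never logged by application"))
        elif d is None:
            findings.append((rid, "sent by application, never logged by database"))
        else:
            # Both sides saw the request: what was sent and returned must agree.
            for field in ("request", "response"):
                if a[field] != d[field]:
                    findings.append((rid, f"{field} differs between logs"))
    return findings

# Constructed sample journals (hypothetical request text, not a real protocol).
APP_LOG = [
    {"req_id": 1, "request": "read acct-17", "response": "limit=500"},
    {"req_id": 2, "request": "set acct-17 limit=550", "response": "ok"},
    {"req_id": 3, "request": "read acct-17", "response": "limit=550"},
]
DB_LOG = [
    {"req_id": 1, "request": "read acct-17", "response": "limit=500"},
    {"req_id": 2, "request": "set acct-17 limit=5000", "response": "ok"},
    {"req_id": 4, "request": "set acct-17 limit=550", "response": "ok"},
]

if __name__ == "__main__":
    for rid, finding in reconcile(APP_LOG, DB_LOG):
        print(rid, finding)
```

Because each side keeps its journal independently, altering one of them without the other leaves a discrepancy that this comparison reports.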

Log and journal records should include the action taken, the user or process on whose behalf it was taken, the date and time, and a reference or sequence number to make the entry unique.  In order to be able to establish how any record looked in the past, the record of the current change to a record should include a reference, by time, date, and sequence number, to the next most recent change.

Finally, the logs or journals should include images of the object both before and after the change.  While in some cases it may be sufficient to keep only the after image, since the after image in the record of the previous change is the same as the before image, keeping both improves integrity and further resists fraudulent change.  
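The record layout described above, as an added sketch that is not code from the original post: each entry carries a sequence number, timestamp, actor, action, a reference to the previous change to the same object, and before and after images. The class names, field names, and sample account data are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    seq: int                 # unique sequence number within the journal
    when: str                # ISO 8601 UTC timestamp (sorts as text)
    actor: str               # user or process on whose behalf the action ran
    action: str              # "create", "update", "correct", ...
    obj: str                 # identifier of the record or object changed
    prev_seq: Optional[int]  # next most recent change to the same object
    before: Optional[dict]   # image before the change (None on creation)
    after: dict              # image after the change

class Journal:               # append-only: errors are fixed by correcting entries
    def __init__(self):
        self.entries, self._latest = [], {}   # _latest: obj -> newest seq

    def record(self, when, actor, action, obj, before, after):
        e = Entry(len(self.entries), when, actor, action, obj,
                  self._latest.get(obj), before, after)
        self.entries.append(e)
        self._latest[obj] = e.seq
        return e

    def history(self, obj):
        """Follow prev_seq references back; return oldest first."""
        out, seq = [], self._latest.get(obj)
        while seq is not None:
            out.append(self.entries[seq])
            seq = self.entries[seq].prev_seq
        return out[::-1]

    def state_at(self, obj, when):
        """After image in force at `when`, or None if not yet created."""
        seen = [e.after for e in self.history(obj) if e.when <= when]
        return seen[-1] if seen else None

    def broken_links(self, obj):
        """Seqs whose before image differs from the prior after image."""
        h = self.history(obj)
        return [b.seq for a, b in zip(h, h[1:]) if b.before != a.after]

def sample():   # constructed data: a mistaken update, then its correction
    j = Journal()
    j.record("2021-03-01T09:00:00Z", "alice", "create", "acct-17", None, {"limit": 500})
    j.record("2021-03-02T10:00:00Z", "batch-7", "update", "acct-17", {"limit": 500}, {"limit": 5000})
    j.record("2021-03-03T11:00:00Z", "bob", "correct", "acct-17", {"limit": 5000}, {"limit": 550})
    return j
```

`broken_links` is where keeping both images pays off: an entry altered after the fact, or a change made without a journal entry, no longer matches its neighbor's image.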



18 comments:

  1. One of the fundamental weaknesses of the logging/monitoring needed by audit procedures is the "monitoring" piece... many companies understand that logging is necessary for compliance, but fail to put sufficient processes or resources in place to actually look at the logs, comprehend anomalous behaviors and report. Instead they rely on ML software and automation to do that for them, which allows the "low and slow" attacks to bypass scrutiny.
