15.3.1 Information Systems Audit Controls

Illustrative Controls and TIBCO LogLogic Solution

Audit trails maintain a record of system activity, both by system and application processes and by users of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. The auditor can obtain valuable information about activity on a computer system from the audit trail. Audit trails improve the auditability of the computer system.

Organizations must maintain a complete and accurate audit trail for network devices, servers, and applications. This enables organizations to address how businesses identify root causes of issues that might introduce inaccuracy in reporting. The problem management system must also provide adequate audit trail facilities that allow tracing from an incident to its underlying cause. IT security administration must monitor and log security activity, and identify security violations to report to senior management. This directly addresses the requirement for audit controls over information systems and networks.

To fulfil this control objective, administrators must ensure all network devices, servers, and applications are properly configured to log to a centralized server. Administrators must also periodically review logging status to ensure that these devices, servers and applications are logging correctly.

The LogLogic® LMI solution automatically records the event date and time, event status (success or failure), event origin (log source IP address), and event type (firewall connection, access or authentication, IDS, E-Mail, or web access) for every single event. In addition, TIBCO LogLogic’s solution identifies all users, system components, or resources within the events to help administrators correctly analyze the events.

Reports and Alerts

Use the following link/reference to see the 15.3.1 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.