Audit trails and logs

An audit trail is a logical record of computer activity, usage or processing pertaining to an operating
system, an application system or user activities. An information system may have several audit trails,
each devoted to a particular type of activity. All these audit trails are primarily extracted from the
audit log, which is recorded on a chronological basis. The audit log is maintained only for the
activities specified as requiring a log. The information recorded varies and includes, but is not
limited to:

1. Time stamp for the log in/out time
2. Terminal in use
3. Files accessed
4. Transactions performed
5. Amendments made
Audit trails can provide a means to help accomplish several security-related objectives, including
individual accountability, reconstruction of events (actions that happen on a computer system),
intrusion detection, and problem analysis, as well as evidence of the correct processing regimes
within a system.

There are typically two kinds of audit records:
(1) An event-oriented log: this usually contains records describing system events, application
events, or user events. An audit trail should include sufficient information to establish what events
occurred and who (or what) caused them.

(2) A record of every keystroke, often called keystroke monitoring. Keystroke monitoring is
the process used to view or record both the keystrokes entered by a computer user and the
computer's response during an interactive session. Keystroke monitoring is usually considered a
special case of audit trails.

35.1 Documentation
Audit trails and logs are a form of documentation that helps in reviewing the activities
undertaken by various users. Any alterations and modifications made to the documentation should
be logged as well, so that its integrity can be monitored. Documentation may include program code of
application software, technical manuals, user manuals and any other system-related
documentation. This would help to see that data is not modified on the instructions of the users.
A log of all amendments should be supported by proper authorization from responsible officers.

Accountability through audit trails
Audit trails are a technical mechanism that helps managers maintain individual accountability.
Users can be identified from the log being maintained. Users are informed of what the password
allows them to do and why it should be kept secure and confidential. Audit trails help to reveal
variations from normal behavior, which may point to unauthorized usage of resources. For example:
1. Audit trails can be used together with access controls to identify and provide
information about users suspected of improper modification of data (e.g., introducing
errors into a database).
2. An audit trail may record "before" and "after" images, also called snapshots of records.
This helps in audit evaluation work.
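
How "before" and "after" images support accountability, as an added example that is not part of the original lesson: the record layout, field names and sample entries are constructed for illustration. The second function goes slightly beyond the text by checking that consecutive images line up, which exposes an amendment made without a log entry.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditEntry:
    timestamp: str   # ISO 8601; the audit log is chronological
    user: str
    terminal: str
    record_id: str
    before: dict     # image of the record before the amendment
    after: dict      # image of the record after the amendment

# Constructed sample audit log (hypothetical users, terminals and account).
AUDIT_LOG = [
    AuditEntry("2024-03-04T09:12:00", "asmith", "T-07", "ACC-1001",
               {"balance": 500, "rate": 4.0}, {"balance": 750, "rate": 4.0}),
    AuditEntry("2024-03-04T11:40:00", "bjones", "T-02", "ACC-1001",
               {"balance": 750, "rate": 4.0}, {"balance": 750, "rate": 9.5}),
    AuditEntry("2024-03-05T10:05:00", "asmith", "T-07", "ACC-1001",
               {"balance": 700, "rate": 9.5}, {"balance": 650, "rate": 9.5}),
]

def field_history(log, record_id, field):
    """Return (timestamp, user, terminal, old, new) for each change to one field."""
    changes = []
    for e in sorted(log, key=lambda e: e.timestamp):
        if e.record_id != record_id:
            continue
        old, new = e.before.get(field), e.after.get(field)
        if old != new:
            changes.append((e.timestamp, e.user, e.terminal, old, new))
    return changes

def unlogged_changes(log, record_id):
    """Return (previous_ts, next_ts) pairs where the 'before' image does not
    match the previous 'after' image, i.e. the record changed with no entry."""
    gaps, prev = [], None
    for e in sorted(log, key=lambda e: e.timestamp):
        if e.record_id != record_id:
            continue
        if prev is not None and e.before != prev.after:
            gaps.append((prev.timestamp, e.timestamp))
        prev = e
    return gaps

if __name__ == "__main__":
    print(field_history(AUDIT_LOG, "ACC-1001", "rate"))
    print(unlogged_changes(AUDIT_LOG, "ACC-1001"))
```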

35.2 Audit trails and types of errors
Audit trail analysis can often distinguish between operator-induced errors (during which the system
may have performed exactly as instructed) and system-created errors (e.g., arising from a poorly
tested piece of replacement code). For example, if a system fails or the integrity of a file (either
program or data) is questioned, an analysis of the audit trail can reconstruct the series of steps
taken by the system, the users, and the application. Knowledge of the conditions that existed at the
time of, for example, a system crash can be useful in avoiding future mishaps.

Intrusion detection
Intrusion detection refers to the process of identifying attempts to penetrate a system and gain
unauthorized access. If audit trails have been designed and implemented to record appropriate
information, they can assist in intrusion detection. An intrusion detection system can be made part of
the regular security system to detect intrusion effectively. Real-time intrusion detection is technical
and complex to achieve, but it can be attained to a reasonable extent. Real-time intrusion detection is
primarily aimed at outsiders attempting to gain unauthorized access to the system.

Variance detection and audit trails
Trend and variance-detection tools look for anomalies in user or system behavior. It is possible to
monitor usage trends and detect major variations. The log can be examined and analyzed to detect
the irregularity. For example, if a user typically logs in at 9 a.m. but appears at 4:30 a.m. one
morning, this may indicate either a security problem or a malfunctioning system clock that
may need to be investigated. The log can be sorted or filtered for all logins before 9 a.m. from that
particular terminal.
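
The login-time variance check described above, as an added example that is not part of the original lesson: the log line format, user names, terminal IDs and the 90-minute tolerance are assumptions made for illustration.

```python
from datetime import datetime
from statistics import median

# Constructed sample log lines: date, time, user, terminal, event.
LOG_LINES = """\
2024-03-04 09:02:11 asmith T-07 LOGIN
2024-03-04 17:31:40 asmith T-07 LOGOUT
2024-03-05 08:58:03 asmith T-07 LOGIN
2024-03-06 09:05:47 asmith T-07 LOGIN
2024-03-07 04:30:19 asmith T-07 LOGIN
2024-03-07 09:10:00 bjones T-02 LOGIN
2024-03-08 09:01:30 asmith T-07 LOGIN
""".splitlines()

def parse(lines):
    """Yield (datetime, user, terminal) for LOGIN events only."""
    for line in lines:
        date, time, user, terminal, event = line.split()
        if event == "LOGIN":
            yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), user, terminal

def minute_of_day(ts):
    return ts.hour * 60 + ts.minute

def login_variances(lines, tolerance_min=90, min_history=3):
    """Flag logins further than tolerance_min from the user's median login time.
    Simplification: times are compared within one day, with no midnight wrap."""
    by_user = {}
    for ts, user, terminal in parse(lines):
        by_user.setdefault(user, []).append((ts, terminal))
    flagged = []
    for user, logins in by_user.items():
        if len(logins) < min_history:
            continue  # too little history to call any login time typical
        typical = median(minute_of_day(ts) for ts, _ in logins)
        for ts, terminal in logins:
            if abs(minute_of_day(ts) - typical) > tolerance_min:
                flagged.append((user, terminal, ts.isoformat(sep=" ")))
    return flagged

def logins_before(lines, terminal, hour=9):
    """The filter the text describes: all logins before `hour` from one terminal."""
    return [(user, ts.isoformat(sep=" ")) for ts, user, t in parse(lines)
            if t == terminal and ts.hour < hour]

if __name__ == "__main__":
    print(login_variances(LOG_LINES))
    print(logins_before(LOG_LINES, "T-07"))
```

The median keeps the single 4:30 a.m. login from shifting the baseline it is measured against.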
Audit trails and logs are of significant importance in auditing an information system in a
computerized environment. Where computer equipment becomes a major component of
information management, auditing through the computer gets more delicate and sensitive. Audit
trails and logs help in auditing through the computer as against auditing around the computer.

35.3 Definition of Audit
In accounting and finance terms, an audit is a process which includes an examination of records or
financial accounts to check their accuracy, an adjustment or correction of accounts, and an examined
and verified account. However, the concept is a bit different in the case of information systems: it is
an examination of systems, programming and datacenter procedures in order to determine the
efficiency of computer operations.

35.4 IS audit
Information systems include the accounting and finance function as a critical part of the entire system.
Hence, these days the audit of information systems as a whole incisively focuses on the finance and
accounting aspect as well. For example, all banks and financial institutions have software
supporting interest computations. During the audit of IS, the integrity of the source code/program
instructions has to be checked and assurance obtained that these have not been tampered with or
altered in any manner.
An information technology (IT) audit or information systems (IS) audit is an examination of the
controls within an entity's information technology infrastructure. When transactions are
executed and recorded through computers, the lack of a physical audit trail requires
implementation of controls within the information systems so as to give the same result as
controls implemented in a manual information system. IS audit focuses more on examining
the integrity of controls and ensuring that they are working properly. Evaluation of the evidence
obtained can establish whether the organization's information systems safeguard assets,
maintain data integrity, and operate effectively and efficiently to achieve the organization's
goals or objectives.

35.5 Parameters of IS audit
Regarding protection of information assets, one purpose of an IT audit is to review and evaluate
an organization's information system's availability, confidentiality, and integrity by answering
questions such as:
1. Will the organization's computer systems be available for the business at all times when
required? (Availability)
2. Will the information in the systems be disclosed only to authorized users? (Confidentiality)
3. Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
Besides the availability, confidentiality and integrity of information systems, which receive the IT
auditor's consideration, it has been suggested by other authors that information system
utility, possession and authenticity also be considered by answering questions such as:
1. Will the organization's computer system provide useful information when required? (Utility)
2. Will the physical aspects of the organization's computer systems be protected from the
threat of theft? (Possession)
3. Will the information provided by the system always be genuine, original without
unauthorized change? (Authenticity)

35.6 Risk Based Audit Approach
This approach to audit proceeds with the following steps:
1. Understanding the business process
2. Understanding the control structure built into the system
3. Understanding the inherent risks (risks which are covered through instituting controls),
which can occur in the absence of controls, e.g.
Political and legal factors affecting the business,
The nature of the industry in which the organization exists
4. Risk assessment
5. Categorization of risks identified
As in the case of other audits, an IS audit can also be streamlined based on this approach.
Ensuring a high level of IS security and conducting an effective IS audit presuppose
risk assessment, which helps in implementation of the security policy. Risk management is the core
line of this entire IT/IS audit. It is a very important concept, which we will now discuss
in detail.
