This is one of the 52 terms in The Language of Cybersecurity, published by XML Press in 2018. The contributor for this term is Terrie Diaz.
What is it?
A systematic investigation of network and system activities and events.
Why is it important?
Auditing evaluates the who, what, where, and when of events on a network, which helps managers identify critical events that may have an impact on their organization.
Why does a business professional need to know this?
Business professionals need information about events that are essential to ensure continuous business operation, security of sensitive data, and availability of resources.
Knowing what and how much to audit is an important decision. Auditing every event provides too much information and is resource intensive. Auditing no events leaves system administrators unaware of hacking attempts, the health of devices on the network, configuration changes, and other events, such as password changes.
Just as important as auditing specific events is reviewing event records. If no one is paying attention to the data being collected, then auditing serves no purpose. Auditing provides a wealth of information in real time, and reviewing event logs provides important information to ensure that proper action can be taken.
System administrators configure systems to ensure that audit records are generated for the required auditable events. Here are some examples of auditable events:
- Failed login attempts
- Network connection attempts
- An administrator opening or shutting down a network port
Auditing software typically generates a record for each event, containing the date and time of the event, the type of event, and the person who initiated the event. Audit records can be difficult to read in their raw form, but system administrators typically use programs that search for patterns and generate reports to summarize results.
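The kind of report program described above, as an added example that is not from the book. It assumes a hypothetical pipe-delimited record layout (timestamp, event type, initiator, detail), constructed sample records, and an arbitrary review threshold of three failed logins within five minutes.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit records (not from a real system).
# Assumed layout: timestamp|event type|initiator|detail
SAMPLE = """\
2018-03-01T08:59:10|LOGIN_FAILED|jsmith|workstation-12
2018-03-01T08:59:25|LOGIN_FAILED|jsmith|workstation-12
2018-03-01T08:59:41|LOGIN_FAILED|jsmith|workstation-12
2018-03-01T09:02:03|NET_CONNECT|svc-backup|10.0.0.8:445
2018-03-01T09:15:47|PORT_OPENED|admin-kim|tcp/3389
2018-03-01T09:16:00|LOGIN_FAILED|mlee|workstation-07
this line is damaged and cannot be parsed
2018-03-01T09:40:12|PORT_CLOSED|admin-kim|tcp/3389
"""

def parse(text):
    """Split raw lines into records; keep unparseable lines for review."""
    records, rejected = [], []
    for line in text.splitlines():
        parts = line.split("|")
        try:
            if len(parts) != 4:
                raise ValueError("wrong field count")
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            rejected.append(line)  # a gap in the audit trail is itself a finding
            continue
        records.append({"when": when, "type": parts[1],
                        "who": parts[2], "detail": parts[3]})
    return records, rejected

def summarize(records, threshold=3, window_seconds=300):
    """Count events by type, flag repeated failed logins, list port changes."""
    by_type = Counter(r["type"] for r in records)
    failures = defaultdict(list)
    for r in records:
        if r["type"] == "LOGIN_FAILED":
            failures[r["who"]].append(r["when"])
    flagged = []
    for who, times in failures.items():
        times.sort()
        # Flag the account if any `threshold` failures fall inside the window.
        if any((times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds
               for i in range(len(times) - threshold + 1)):
            flagged.append(who)
    ports = [r for r in records if r["type"] in ("PORT_OPENED", "PORT_CLOSED")]
    return {"by_type": by_type, "flagged": sorted(flagged), "port_changes": ports}

if __name__ == "__main__":
    recs, bad = parse(SAMPLE)
    print(summarize(recs), "| rejected lines:", len(bad))
```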
Audits can reveal vulnerabilities before they are exploited by attackers. For example, an audit of IT practices in the town of Geneseo, New York, revealed lax procedures and deficiencies that left the town’s computer systems vulnerable to attack. This is just one example of many instances where audits revealed serious deficiencies in cybersecurity.