
Article on Audit Log Information System PDF

9 Pages, 1051 Words, 88 Views
   

Added on  2021-11-23

Audit logs
Describe what information was contained in the logs and what value they might
have in a security investigation.
In IT security, audit logs are records that the computer stores so that they can be
referenced if a security issue arises in the information system. The logs contain entries
for all the transactions carried out on the computer system, such as login successes and
failures and file access successes and failures. They can show the threats that are
attempting to log into the system without permission.
Think about the challenges of getting all of the Active Directory audit policy settings
right. For an infrastructure administrator, how important are these types of settings?
In the audit log information system, Active Directory is where the users of the computer
system are assigned the permissions and privileges with which they access the system
(Song, Shi, Fischer & Shankar, 2012). The challenge of getting all the Active Directory
settings right is that it takes an expert to configure all the policies concerning the
audit logs. Skilled personnel are needed both to set the policies and to extract the logs.
What are the risks associated with logging too little data or not auditing the correct
events?
Logging too little data is a security threat to an information system, because logging
helps keep the information system's data safe and secure. If the correct events are not
audited, or not all the data in the information system is logged, then attackers trying to
hack into the system leave no record. Without the audit logs, we are not able to see the
logon failures or file access failures that enable us to build a strong and secure system
(Tianfield, 2012, October).
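The two answers above (logs record logon successes and failures, and logging too little hides attack attempts) can be shown on a few records. The following Python is an added example, not part of the original essay: the records are constructed, the function names are hypothetical, and 4624 and 4625 are the Windows Security log event IDs for a successful and a failed logon.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs: 4625 = failed logon, 4624 = successful logon.
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624

# Constructed sample records: (timestamp, event ID, account, source address).
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:01", 4624, "alice", "10.0.0.21"),
    ("2024-01-15T09:14:10", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:14", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:19", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:25", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:31", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:40", 4625, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:14:52", 4624, "svc_backup", "10.0.0.57"),
    ("2024-01-15T09:20:00", 4625, "bob", "10.0.0.33"),  # one mistyped password
    ("2024-01-15T09:20:20", 4624, "bob", "10.0.0.33"),
]


def find_guessing_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return (account, source, failures) for every successful logon that was
    preceded, within `window`, by at least `threshold` failed logons for the
    same account from the same source."""
    failures = defaultdict(list)
    findings = []
    for ts, event_id, account, source in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account, source)
        if event_id == FAILED_LOGON:
            failures[key].append(when)
        elif event_id == SUCCESSFUL_LOGON:
            recent = [t for t in failures[key] if when - t <= window]
            if len(recent) >= threshold:
                findings.append((account, source, len(recent)))
            failures[key].clear()  # a success starts a fresh count
    return findings


def without_failure_auditing(events):
    """Simulate an audit policy that records logon successes only."""
    return [e for e in events if e[1] != FAILED_LOGON]


if __name__ == "__main__":
    print("failure auditing on: ", find_guessing_then_success(SAMPLE_EVENTS))
    print("failure auditing off:",
          find_guessing_then_success(without_failure_auditing(SAMPLE_EVENTS)))
```

With failure auditing simulated as off, the same logon by svc_backup is still recorded, but nothing distinguishes it from a normal logon.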
What are the risks associated with logging too many events?
Logging too many events is also very risky. When a lot of events are logged in the
information system, at some point we might forget some details about a particular event
in the system, even though that event is crucial and needs to be used. This means that to
access the event, you need to repair the whole system, which may cause some other events
to get lost.
When the default configuration is to create audit logs, what impact can this have on
security incident investigations?
When the default configuration is used to create audit logs, data are not that secure,
since some settings are not set in the right way (Er, Low & Ganesh, 2012). This is because
default configurations are set for general usage, so certain privileges have not been set
to meet the standards for logging events in the information system.
This was just a single domain with two systems on a local LAN. How much more
complicated would auditing and log management be for 100 computers? What about an
enterprise with 10,000 computers in several domains on their LAN/WAN?
This system was a domain with two computers connected to the network. Most of the work
was done on the server side to ensure that logs are created on the user computers. The