Term of the Week: Audit

What is it?

A systematic investigation of network and system activities and events.

Why is it important?

Auditing evaluates the who, what, where, and when of events on a network, which helps managers identify critical events that may have an impact on their organization.

Why does a business professional need to know this?

Business professionals need information about events that are essential to ensure continuous business operation, security of sensitive data, and availability of resources.

Knowing what and how much to audit is an important decision. Auditing every event provides too much information and is resource intensive. Auditing no events leaves system administrators unaware of hacking attempts, the health of devices on the network, configuration changes, and other events, such as password changes.

Just as important as auditing specific events is reviewing event records. If no one is paying attention to the data being collected, then auditing serves no purpose. Auditing provides a wealth of information in real time, and reviewing event logs provides important information to ensure that proper action can be taken.

System administrators configure systems to ensure that audit records are generated for the required auditable events. Here are some examples of auditable events:

  • Failed login attempts
  • Network connection attempts
  • An administrator opening or shutting down a network port

Auditing software typically generates a record for each event that records the date and time of the event, the type of event, and the person who initiated the event. Audit records can be difficult to read in their raw form, but system administrators typically use programs that search for patterns and generate reports to summarize results.
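As an added illustration (not part of the original article), the following Python sketch shows the kind of program described above: it parses audit records, counts events by type, and flags initiators with repeated failed logins. The pipe-delimited record format, the event type names, the threshold, and the sample data are all assumptions constructed for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample audit log (assumed format): time|event type|initiator|detail
SAMPLE_LOG = """\
2024-03-04T09:00:02|LOGIN_FAILED|jsmith|src=10.0.0.5
2024-03-04T09:00:09|LOGIN_FAILED|jsmith|src=10.0.0.5
2024-03-04T09:00:15|NET_CONNECT|svc-backup|dst=10.0.0.20:22
2024-03-04T09:00:21|LOGIN_FAILED|jsmith|src=10.0.0.5
2024-03-04T09:03:40|PORT_OPEN|admin1|port=8443
this line is truncated
2024-03-04T09:10:00|LOGIN_FAILED|mlee|src=10.0.0.9
2024-03-04T11:45:12|LOGIN_FAILED|mlee|src=10.0.0.9
2024-03-04T11:50:30|PORT_CLOSE|admin1|port=8443
"""

def parse_records(text):
    """Return (records, rejected): parsed events and lines that did not parse."""
    records, rejected = [], []
    for line in text.splitlines():
        parts = line.strip().split("|", 3)
        try:
            when = datetime.fromisoformat(parts[0])
            records.append({"time": when, "type": parts[1],
                            "who": parts[2], "detail": parts[3]})
        except (ValueError, IndexError):
            rejected.append(line)  # keep unparsable lines for manual review
    return records, rejected

def count_by_type(records):
    return Counter(r["type"] for r in records)

def repeated_failures(records, threshold=3, window=timedelta(minutes=5)):
    """Initiators with >= threshold failed logins inside any one window."""
    times = defaultdict(list)
    for r in records:
        if r["type"] == "LOGIN_FAILED":
            times[r["who"]].append(r["time"])
    flagged = {}
    for who, stamps in times.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            hits = sum(1 for t in stamps[i:] if t - start <= window)
            if hits >= threshold:
                flagged[who] = max(flagged.get(who, 0), hits)
    return flagged

if __name__ == "__main__":
    events, bad = parse_records(SAMPLE_LOG)
    print(dict(count_by_type(events)), repeated_failures(events), len(bad))
```

Lines that fail to parse are returned separately rather than dropped, so a reviewer can still see records that were truncated or malformed.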

Audits can reveal vulnerabilities before they are exploited by attackers. For example, an audit of IT practices in the town of Geneseo, New York, revealed lax procedures and deficiencies that left the town’s computer systems vulnerable to attack (Leader 2017). This is just one example of many instances where audits revealed serious deficiencies in cybersecurity.

References

About Terrie Diaz

Terrie Diaz is Cisco’s government certification team technical lead and is responsible for Cisco’s Common Criteria evaluations. She is well-versed in US and international certification requirements and is an active member in many of the global technical communities responsible for writing the collaborative protection profiles in which Common Criteria evaluations are performed.

Terrie is a Certified Information Systems Security Professional (CISSP) with over 30 years of experience in IT and system security, supply chain risk management, and program management. She has a bachelor of science degree in business management and retired from the US military after serving for 21 years.

Term: Audit

Email: tediaz@cisco.com

LinkedIn: linkedin.com/in/terriediazmsg
