The Value of Audit Logs in Cybersecurity, Thesis of Management Accounting

This document discusses the importance of audit logs in maintaining the security of computer networks. It outlines the types of information that should be logged, such as user IDs, access to systems and data, and security-related events, and highlights the value of audit logs for security administrators, investigators, and researchers, particularly after a breach. It concludes by discussing the challenges of implementing an effective audit policy, including the risks of logging too little or too much data.

Typology: Thesis

2023/2024

Available from 01/25/2024

CYB/205
Audit Logs
Information Contained In Audit Logs and Their Value
Knowing who, what, when and how on a computer network is paramount to its security.
Setting up an audit log or audit trail allows a network or system administrator to virtually
follow a user on their digital stroll through the network. Here are some of the things
that need to be logged:
- User IDs (Walsh, 2018)
- Date and time records for when users log on and off the system (Walsh, 2018)
- Terminal ID (Walsh, 2018)
- Access to systems, applications, and data, whether successful or not (Walsh, 2018)
- Files accessed (Walsh, 2018)
- Network access (Walsh, 2018)
- System configuration changes (Walsh, 2018)
- System utility usage (Walsh, 2018)
- Exceptions (Walsh, 2018)
- Security-related events such as triggered alarms (Walsh, 2018)
- Protection system notifications (e.g., intrusion detection or anti-malware alerts) (Walsh, 2018)
This logged information has tremendous value for security administrators,
investigators and researchers. When conducting a digital forensic audit, having logs that
pinpoint a user's exact location within the network, the time, and which files were accessed
provides a very robust security posture. This way, in the event of a breach, the
holes that were exploited can be identified and closed.


Active Directory Audit Policies and Their Importance
Implementing a cybersecurity audit policy, and ensuring that every item that needs to be logged has a corresponding Active Directory audit setting enabled, is a very big task for one person, let alone for a whole team. For infrastructure administrators, making sure these settings are applied to every user and system is what allows them to adequately secure their employer's network; it is a large task, but it must be done.

Auditing Too Little Data or Incorrect Events
If the audit policy logs too little data, or logs the wrong events altogether, the ability to diagnose security-related events is seriously harmed. There is always a fine balance between logging enough data and logging too little.

Audit Logging Too Many Events
The inverse is also true. When audit parameters are too inclusive, the amount of data that must be stored grows every day, and a log so large that it is cost-prohibitive to sift through is of little use. For a small organization this may not be a burden, but for organizations with tens of thousands or hundreds of thousands of employees, choosing the right set of audit events matters as much as avoiding too many.

Audit Logs Automatically Created
When the default configuration is to create audit logs this should create an
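The following is an added example, not code from the paper. It serves the three policy points above at once: it checks a Windows advanced audit policy export for the subcategories that the logging checklist requires (too little), flags chatty subcategories that are on without being required (too much), and prints the auditpol commands that close each gap. The input format is the CSV written by the real command `auditpol /get /category:* /r`; the export below is a constructed sample (the machine name and settings are invented, the GUIDs are illustrative). The REQUIRED mapping from checklist items to subcategories and the NOISY set are this example's own choices, not the paper's.

```python
"""Check an advanced audit policy export for coverage gaps and noise.

Added example, not code from the original paper. Parses the CSV output of
`auditpol /get /category:* /r`; the sample export is constructed.
"""
import csv
import io

# Checklist item -> Windows audit subcategory and the minimum setting (this example's mapping).
REQUIRED = {
    "Logon": "Success and Failure",            # user IDs, logon times, failed access attempts
    "Logoff": "Success",                       # logoff times
    "Account Lockout": "Failure",              # repeated failed access
    "File System": "Success and Failure",      # files accessed (also needs a SACL on the files)
    "Audit Policy Change": "Success and Failure",  # system configuration changes
    "Process Creation": "Success",             # system utility usage
}
# Subcategories that generate very high volume on ordinary hosts (this example's assumption).
NOISY = {"Filtering Platform Connection", "Filtering Platform Packet Drop", "Handle Manipulation"}

SAMPLE_EXPORT = """Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success,
DC01,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,
DC01,System,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030},No Auditing,
DC01,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},No Auditing,
DC01,System,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030},Success and Failure,
DC01,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},Success,
DC01,System,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030},Success and Failure,
DC01,System,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030},Success,
"""  # constructed sample, not a real export


def parse_auditpol_csv(text):
    """Map each subcategory name to its Inclusion Setting."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["Subcategory"].strip(): r["Inclusion Setting"].strip() for r in rows if r.get("Subcategory")}


def _has(setting, part):
    """True if an Inclusion Setting value includes the given part ('Success' or 'Failure')."""
    return setting == "Success and Failure" or setting == part


def _covers(actual, required):
    return all(_has(actual, p) for p in ("Success", "Failure") if _has(required, p))


def check_policy(policy, required=REQUIRED, noisy=NOISY):
    """Return (gaps, noise): gaps maps subcategory -> (actual, required); noise lists enabled noisy ones."""
    gaps = {}
    for sub, want in required.items():
        actual = policy.get(sub, "No Auditing")   # a missing row means nothing is audited
        if not _covers(actual, want):
            gaps[sub] = (actual, want)
    noise = sorted(sub for sub in noisy if policy.get(sub, "No Auditing") != "No Auditing")
    return gaps, noise


def remediation_commands(gaps):
    """auditpol commands that raise each gap to the required setting without dropping what is already on."""
    cmds = []
    for sub, (actual, want) in sorted(gaps.items()):
        success = "enable" if _has(want, "Success") or _has(actual, "Success") else "disable"
        failure = "enable" if _has(want, "Failure") or _has(actual, "Failure") else "disable"
        cmds.append(f'auditpol /set /subcategory:"{sub}" /success:{success} /failure:{failure}')
    return cmds


if __name__ == "__main__":
    gaps, noise = check_policy(parse_auditpol_csv(SAMPLE_EXPORT))
    for sub, (actual, want) in sorted(gaps.items()):
        print(f"TOO LITTLE: {sub}: is '{actual}', need '{want}'")
    for sub in noise:
        print(f"TOO MUCH:   {sub} is enabled but not required")
    print("\n".join(remediation_commands(gaps)))
```

In a domain the settings themselves should be pushed by Group Policy (Computer Configuration, Policies, Windows Settings, Security Settings, Advanced Audit Policy Configuration) rather than by running auditpol on each host; the check above is still useful on the resulting hosts to catch machines that did not receive the policy. Enabling the File System subcategory produces no file events by itself: a 4663 record is only written for objects whose SACL requests auditing, so the list of sensitive folders to audit is part of the policy too.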

From my experience setting up 50 Windows systems on the network, I wish I had known about audit logging 10 years ago. With the ever-increasing ease of use of tools such as Windows Server, and especially in light of the ransomware attacks and hacks now occurring, an infrastructure administrator should implement robust auditing on all systems connected to their employer's network so that, in the event of a security breach, they can track down exactly when and how it happened and learn how to prevent it from happening again.

Reference
Walsh, K. (2018). Audit log best practices for information security. Reciprocity. https://reciprocitylabs.com/audit-log-best-practices-for-information-security/