|
|
Auditing data provide a possibility to detect a posteriori a breach of security or an attempt to do so. Auditing data can thus be used to identify the perpetrator in case of damage. A further important function of the auditing data is deterrence. If auditing data are evaluated on a regular basis, intentional attacks can be detected at an early stage. If the auditing data are not, or are inadequately evaluated and this becomes known, they lose their function as a deterrent.
Many IT systems or applications lack sufficient possibilities for auditing. In some cases auditing is not provided for at all and in other cases it is often not possible to make distinctions in the auditing according to events.
Example:
On a stand-alone Windows 95 computer it is not possible to log the activities of one or more users on a user-specific basis. Therefore, it cannot be determined if security has been impaired or an attempt to impair security has occurred.
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |