Basics of Information System Auditing

You may be asking yourself, what is an information system audit? Depending on the context, it may mean different things. Today we will be looking at it as a task that we do to inspect what events of interest occur on a computer system over a given period of time. To audit a computer or network, there have to be logs. Kent and Souppaya (2006) share that a log is the record of events that happened on a computer. For instance, if you enter the wrong password on Windows, it will create a log entry for that specific event. This log entry is one of the items used in conducting an audit.

 

This may lead to the question of why you should audit. The example that comes to mind is reconciling your bank account when you receive your statement. When reconciling your bank statement to your checkbook, you may find a discrepancy. The same can be true when reviewing your log files.

Windows is the most prominent operating system among home users, so we will use that as the example. To review the logs and conduct your own system audit, click on Start and scroll down to the Windows Administrative Tools. Click on that folder icon, find the Event Viewer, and select the icon. The Event Viewer is a consolidated log that allows for easy auditing, since many other programs write their events to it as well. Once you are in the Windows Event Viewer, I would recommend looking around at the different log sets available for viewing.

You may be interested to see if someone, like your child or someone else who has access, tried to log in to your computer using your username and failed. To do this, in the Event Viewer click on the Windows Logs folder. It will present a drop-down of five different event logs. To check login actions, select the Security event log. It may take a second to load, but it includes all security-related events, which includes login attempts.
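The same failed-login check can be scripted instead of clicked through. The PowerShell below is an added example, not part of the original post: it reads Event ID 4625 (the Security log entry Windows writes when an account fails to log on) and summarizes it for one account. The 7-day window and the current user name are assumed defaults, and it must be run from an elevated prompt.

```powershell
# Added example: summarize failed logons (Security log, Event ID 4625).
# Reading the Security log requires an elevated (administrator) PowerShell prompt.
param(
    [int]$Days = 7,                      # audit window in days (assumed default)
    [string]$UserName = $env:USERNAME    # account to check (assumed: current user)
)

$filter = @{
    LogName   = 'Security'
    Id        = 4625                     # "An account failed to log on"
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat only that case as
# "no failures" and let anything else (such as access denied) surface.
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

$failures = foreach ($e in $events) {
    # The named fields of the event live in its XML payload under EventData.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = $data['TargetUserName']
        LogonType = $data['LogonType']   # 2 = at the keyboard, 3 = network, 10 = Remote Desktop
        Source    = $data['IpAddress']   # "-" or a loopback address for local attempts
    }
}

# Failed attempts against the chosen account, newest first.
$mine = @($failures | Where-Object { $_.Account -eq $UserName })
"{0} failed logon(s) for '{1}' in the last {2} day(s)" -f $mine.Count, $UserName, $Days
$mine | Sort-Object Time -Descending | Format-Table -AutoSize

# Every account with failures in the window, most-targeted first.
$failures | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The second table is the reconciliation step: account names you do not recognize, or a high count against a single name, are the discrepancies to look into.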

If you are interested in more in-depth information about information system auditing, please see our intermediate blog here to continue the audit journey.

References

Kent, K., & Souppaya, M. P. (2006). Guide to computer security log management. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-92
