Logs and Audit Trails

Access control systems and security policies are undermined if the system cannot identify abuses.  Consequently, a system should be able to identify the user name that accessed a file and the time of the access.  A log of alterations made, along with author / editor, should also be created.  Logs and audit trails can help in the effective administration of the security system and can deter staff members tempted to abuse the system.  Staff should be informed that logging is in place and that user logs are regularly reviewed.  Monitoring processes should focus not only on networks, operating systems, intruder detection systems and firewalls but also on remote access services, web applications and databases.
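The logging requirements above, shown as an added Python example that is not part of the original guidance: a small in-memory file store that records which user read or altered each file and when, with helpers for the regular log review.  AuditedStore and every other name in it are hypothetical, and the users and paths in the demo are constructed.

```python
import hashlib
import json
from collections import Counter
from datetime import datetime, timezone


def digest(data):
    """SHA-256 of the content, so the log shows a change without storing the data."""
    return None if data is None else hashlib.sha256(data).hexdigest()


class AuditedStore:
    """Hypothetical in-memory file store that logs every read and alteration."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._files = {}     # path -> bytes
        self._clock = clock  # injectable so a review can be reproduced
        self.log = []        # append-only audit trail, one JSON line per event

    def _record(self, user, action, path, **extra):
        entry = {"ts": self._clock().isoformat(), "user": user,
                 "action": action, "path": path, **extra}
        self.log.append(json.dumps(entry, sort_keys=True))

    def read(self, user, path):
        found = path in self._files
        self._record(user, "read", path, ok=found)  # failed attempts are logged too
        if not found:
            raise FileNotFoundError(path)
        return self._files[path]

    def write(self, user, path, data):
        before = self._files.get(path)
        self._files[path] = data
        self._record(user, "alter", path, before=digest(before), after=digest(data))


def who_accessed(log, path):
    """Which user touched this file, when, and how (read or alter)."""
    rows = (json.loads(line) for line in log)
    return [(r["ts"], r["user"], r["action"]) for r in rows if r["path"] == path]


def activity_by_user(log):
    """Per-user counts of reads and alterations for the periodic log review."""
    return Counter((r["user"], r["action"]) for r in map(json.loads, log))


if __name__ == "__main__":
    store = AuditedStore()
    store.write("alice", "/records/1", b"v1")   # constructed users and paths
    store.read("bob", "/records/1")
    print(who_accessed(store.log, "/records/1"))
```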

An intruder detection system (IDS) acts as an internal alarm system that monitors and reports on malicious activities on a network or system.  Such systems also aim to detect attacks that originate from within the system.  Any organisation processing large volumes of personal data should have an IDS deployed and activated.  Where alerts/events are generated by any such systems, there must be a meaningful system in place to examine them in a timely fashion.  This is to assist in identifying unusual activity and in taking immediate corrective action if there is an ongoing breach of security.