Auditing and Logging of Changes

Changes to systems, procedures, and software are inevitable in effective operations. Such changes are executed to improve performance, implement new requirements, ensure integration, increase functionality, and address threats or vulnerabilities. It is important to audit and log system changes so that, as necessary, the origin of the change is traceable and the author of the change is identifiable.

Auditing and logging can deliver information integrity, which is the assurance that data has not been altered or damaged either intentionally or unintentionally. Assuring that the information is correct is known as information accuracy, which can also be a benefit of auditing and logging.

Harvard University defines an information systems audit as "a comprehensive examination of a given targeted system" and an evaluation of the components of that system. The following areas, outlined by Harvard University's Risk Management and Audit Services, can be examined during an information audit (Harvard University, n.d.):

  • high-level systems architecture review
  • business process mapping
  • end-user identity management
  • operating systems configurations
  • application security controls
  • database access controls
  • antivirus/antimalware controls
  • network controls
  • logging and auditing systems and processes
  • IT privileged access control
  • IT processes in support of the system (e.g., user account reviews, change management)
  • backup/restore procedures

References

Harvard University. (n.d.). Risk management and audit services. http://rmas.fad.harvard.edu/faq/what-systems-audit