
CS507 - Information Systems - Lecture Handout 35


Audit trails and logs

An audit trail is a logical record of computer activities, usage or processing pertaining to an operating system, an application system or user activities. An information system may have several audit trails, each devoted to a particular type of activity. All these audit trails are primarily extracted from the audit log, which is recorded on a chronological basis. The audit log is maintained only for those activities that have been specified for logging. The information that can be recorded varies, including but not limited to:

  1. Time stamp for the log in/out time
  2. Terminal in use
  3. Files accessed
  4. Transactions performed
  5. Amendments made

Audit trails can provide a means to help accomplish several security-related objectives, including individual accountability, reconstruction of events (actions that happen on a computer system), intrusion detection, and problem analysis, as well as evidence of the correct processing regimes within a system.

There are typically two kinds of audit records:

  1. An event-oriented log: this usually contains records describing system events, application events, or user events. An audit trail should include sufficient information to establish what events occurred and who (or what) caused them.
  2. A record of every keystroke: often called keystroke monitoring. Keystroke monitoring is the process used to view or record both the keystrokes entered by a computer user and the computer's response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.


Audit trails and logs are a form of documentation which helps in reviewing the activities undertaken by various users. Any alterations and modifications made in the documentation should be logged as well, so that its integrity can be monitored. Documentation may include the program code of application software, technical manuals, user manuals and any other system-related documentation. This would help to see that data is not modified on the instructions of the users. A log of all amendments should be supported by proper authorization by responsible officers.

Accountability through audit trails

Audit trails are a technical mechanism that helps managers maintain individual accountability. Users can be identified by the log being maintained. Users are informed of what the password allows them to do and why it should be kept secure and confidential. Audit trails help to reveal variations from normal behavior which may lead to unauthorized usage of resources. For example:

  • Audit trails can be used together with access controls to identify and provide information about users suspected of improper modification of data (e.g., introducing errors into a database).
  • An audit trail may record "before" and "after" images, also called snapshots of records.

This helps in audit evaluation work.

Audit trails and types of errors

Audit trail analysis can often distinguish between operator-induced errors (during which the system may have performed exactly as instructed) and system-created errors (e.g., arising from a poorly tested piece of replacement code). For example, if a system fails or the integrity of a file (either program or data) is questioned, an analysis of the audit trail can reconstruct the series of steps taken by the system, the users, and the application. Knowledge of the conditions that existed at the time of, for example, a system crash can be useful in avoiding future mishaps.

Intrusion detection

Intrusion detection refers to the process of identifying attempts to penetrate a system and gain unauthorized access. If audit trails have been designed and implemented to record appropriate information, they can assist in intrusion detection. An intrusion detection system can be made part of the regular security system to detect intrusion effectively. Real-time intrusion detection is technical and complex to achieve, but it can be attained to a reasonable extent. Real-time intrusion detection is primarily aimed at outsiders attempting to gain unauthorized access to the system.

Variance detection and audit trails

Trends/variance-detection tools look for anomalies in user or system behavior. It is possible to monitor usage trends and detect major variations. The log can be examined and analyzed to detect the irregularity. For example, if a user typically logs in at 9 a.m., but appears at 4:30 a.m. one morning, this may indicate either a security problem or a malfunctioning of the system clock that may need to be investigated. The log can be sorted/filtered for all logins before 9 a.m. from that particular terminal.
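The 9 a.m. versus 4:30 a.m. case above can be worked through in code. The following is an added example, not part of the original handout; the log format, user names, terminal IDs and the two-hour tolerance are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime
from statistics import median

# Constructed sample audit log: timestamp,user,terminal,event (not real data).
SAMPLE_LOG = """\
2024-03-04T09:02:11,asmith,TERM-07,LOGIN
2024-03-05T08:58:40,asmith,TERM-07,LOGIN
2024-03-06T09:05:03,asmith,TERM-07,LOGIN
2024-03-07T09:01:27,asmith,TERM-07,LOGIN
2024-03-08T04:30:15,asmith,TERM-07,LOGIN
2024-03-04T13:00:00,bkhan,TERM-02,LOGIN
2024-03-05T13:10:00,bkhan,TERM-02,LOGIN
2024-03-06T12:55:00,bkhan,TERM-02,LOGIN
2024-03-06T17:30:00,bkhan,TERM-02,LOGOUT
"""

def parse_logins(text):
    """Return LOGIN events as dicts with a parsed timestamp; skip malformed rows."""
    return [{"time": datetime.fromisoformat(r[0]), "user": r[1], "terminal": r[2]}
            for r in csv.reader(io.StringIO(text))
            if len(r) == 4 and r[3] == "LOGIN"]

def minutes_of_day(dt):
    return dt.hour * 60 + dt.minute

def login_variances(events, tolerance_min=120, min_history=3):
    """Flag logins more than tolerance_min away from the user's median login time.
    Simplification: users whose habit straddles midnight are not handled."""
    by_user = {}
    for e in events:
        by_user.setdefault(e["user"], []).append(e)
    flagged = []
    for evs in by_user.values():
        if len(evs) < min_history:  # too little history to define "typical"
            continue
        typical = median(minutes_of_day(e["time"]) for e in evs)
        flagged += [e for e in evs
                    if abs(minutes_of_day(e["time"]) - typical) > tolerance_min]
    return flagged

def logins_before(events, terminal, hour):
    """The sort/filter step: every login from one terminal earlier than `hour`."""
    return [e for e in events
            if e["terminal"] == terminal and e["time"].hour < hour]

if __name__ == "__main__":
    events = parse_logins(SAMPLE_LOG)
    for e in login_variances(events):
        print("VARIANCE ", e["user"], e["terminal"], e["time"].isoformat())
    for e in logins_before(events, "TERM-07", 9):
        print("BEFORE 09", e["user"], e["terminal"], e["time"].isoformat())
```

On this sample the per-user baseline flags only the 4:30 a.m. login, while the fixed "before 9 a.m." filter also returns the routine 8:58 a.m. login, which is why a filter alone still needs a reviewer's judgment.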

Audit trails and logs have significant importance in conducting an audit of an information system in a computerized environment. Where computer equipment becomes a major component of information management, auditing through the computer gets more delicate and sensitive. Audit trails and logs help in auditing through the computer as against auditing around the computer.

Definition of Audit

In accounting and finance terms, an audit is a process which includes an examination of records or financial accounts to check their accuracy, an adjustment or correction of accounts, and an examined and verified account. However, the concept is a bit different in the case of information systems: it is an examination of systems, programming and datacenter procedures in order to determine the efficiency of computer operations.

IS audit

Information systems include the accounting and finance function as a critical part of the entire system. Hence, these days the audit of information systems as a whole incisively focuses on the finance and accounting aspect as well. For example, all banks and financial institutions have software supporting interest computations. During the audit of IS, the integrity of the source code/program instructions has to be checked and assurance obtained that these have not been tampered with or altered in any manner.

An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity's information technology infrastructure. When transactions are executed and recorded through computers, the lack of a physical audit trail requires the implementation of controls within the information systems so as to give the same result as controls implemented in a manual information system. IS audit focuses more on examining the integrity of controls and ensuring that they are working properly. Evaluation of the evidence obtained can establish whether the organization's information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization's goals or objectives.

Parameters of IS audit

Regarding protection of information assets, one purpose of an IT audit is to review and evaluate the availability, confidentiality, and integrity of an organization's information systems by answering questions such as:

  1. Will the organization's computer systems be available for the business at all times when required? (Availability)
  2. Will the information in the systems be disclosed only to authorized users? (Confidentiality)
  3. Will the information provided by the system always be accurate, reliable, and timely? (Integrity)

Besides the availability, confidentiality and integrity of information systems, which receive IT auditor consideration, it has been suggested by other authors that information system utility, possession and authenticity also be considered by answering questions such as:

  4. Will the organization's computer system provide useful information when required? (Utility)
  5. Will the physical aspects of the organization's computer systems be protected from the threat of theft? (Possession)
  6. Will the information provided by the system always be genuine and original, without unauthorized change? (Authenticity)

Risk Based Audit Approach

This approach to audit proceeds with the following steps:

  1. Understanding the business process
  2. Understanding the control structure built in the system
  3. Understanding of inherent risks (risks which are covered through instituting controls), which can occur in the absence of controls, e.g.
    • Political and legal factors affecting the business,
    • Nature of the industry in which the organization exists
  4. Risk assessment
  5. Categorization of risks identified

As in the case of other audits, an IS audit can also be streamlined based on this approach. Ensuring a high level of IS security and conducting an effective IS audit presupposes risk assessment, which helps in the implementation of security policy. Risk management is the core of this entire IT/IS audit. It is a very important concept, and we will now discuss it in detail.