NIST Defines the Audit Trail… See How Ours Fits the Bill


As part of running Realise Data Systems, my job needs me to travel quite a lot. Having taken my seat aboard whatever Boeing or Airbus I was traveling on recently, I attempted to explain what I do for a living to my neighboring passenger but it soon dawned on me that there is a knowledge gap between the employees of an organization and the technology that they use.  This seems to be very much the case with the audit trail.

As I explained how our product, Observato, worked (tracking and archiving data records that are created, edited, or destroyed within any system or application), using the term audit trail, my fellow passenger’s confused look gave him away; he wasn’t quite sure WHAT an audit trail was.  So I made it my mission to do a bit of research on audit trails and find a clear-cut but also fully developed definition of an audit trail (nothing against Tech Target, but I was looking for a layman’s definition).

My research paid off when I stumbled across a publication on audit trails by the Computer Security Division of the National Institute of Standards and Technology.  Here is their definition of an audit trail:

Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. An audit trail is a series of records of computer events, about an operating system, an application, or user activities.

A computer system may have several audit trails, each devoted to a particular type of activity. Auditing is a review and analysis of management, operational, and technical controls. The auditor can obtain valuable information about activity on a computer system from the audit trail.

Our product, Observato, maintains a record of any activity that involves DATA within any system or application.  Any time a data record is accessed, created, edited, or destroyed, Observato records it and archives it for future reference.  For example, if a business user puts a new customer entry into their organization’s CRM system, Observato will record the time the entry was created, who created it, where it is located, and what was created.

According to NIST, having audit trails can help an organization achieve several objectives.  The objectives they choose to focus on are:

  • Individual Accountability
  • Reconstruction of Events
  • Intrusion Detection
  • Problem Analysis

We are going to focus on Individual Accountability and Reconstruction of Events in conjunction with our audit trail product, Observato.  To read NIST’s full publication on audit trails, please click HERE.

Individual Accountability

Audit trails are a technical mechanism that help managers maintain individual accountability. By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior.

Observato allows managers to search for individual data records by user.  It also allows managers to review business user performance by providing graphs pertaining to system access and productivity.  If Brad is trying to help an angry customer whose billing information is wrong, a manager can see who entered the incorrect information into the customer’s record and hold them responsible.  This helps to reduce human error while improving customer service and ensuring that business users are accountable for their actions within your systems.

Reconstruction of Events

Audit trails can also be used to reconstruct events after a problem has occurred. Damage can be more easily assessed by reviewing audit trails of system activity to pinpoint how, when, and why normal operations ceased. Audit trail analysis can often distinguish between operator-induced errors (during which the system may have performed exactly as instructed) or system-created errors (e.g., arising from a poorly tested piece of replacement code).

Observato’s search feature gives any user the ability to trace any data record using a number of different filters.  This can help recover information after a system crash, help to prevent system errors, or help to recover lost information once it is long gone from your internal servers.
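The two uses described above, individual accountability and reconstruction of events, can be sketched as a replay over audit records. This is an added illustration, not Observato's code or API: the record fields (when, who, where, action, changes), the function names and the sample trail are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class AuditRecord:
    when: datetime   # time of the event
    who: str         # user who performed it
    where: str       # system and record, e.g. "crm/customer/1042"
    action: str      # "create", "edit" or "destroy"
    changes: dict    # field -> new value (empty for "destroy")

# Constructed sample trail covering two systems (not real data).
TRAIL = [
    AuditRecord(datetime(2024, 3, 1, 9, 0), "alice", "crm/customer/1042",
                "create", {"name": "J. Doe", "billing_zip": "30301"}),
    AuditRecord(datetime(2024, 3, 1, 9, 5), "alice", "billing/invoice/77",
                "create", {"customer": "1042", "amount": "120.00"}),
    AuditRecord(datetime(2024, 3, 2, 14, 30), "carol", "crm/customer/1042",
                "edit", {"billing_zip": "30310"}),
]

def state_at(trail, where, as_of):
    """Reconstruct one record as it stood at `as_of`.

    Returns (state, blame): the field values, and for each field the
    (user, time) of the audit record that last set it.
    """
    state, blame = {}, {}
    for rec in sorted(trail, key=lambda r: r.when):
        if rec.where != where or rec.when > as_of:
            continue
        if rec.action == "destroy":
            state, blame = {}, {}          # record no longer exists
            continue
        state.update(rec.changes)
        for field in rec.changes:
            blame[field] = (rec.who, rec.when)
    return state, blame

def activity_by_user(trail, who):
    """Every audit record for one user, oldest first, across all systems."""
    return sorted((r for r in trail if r.who == who), key=lambda r: r.when)

if __name__ == "__main__":
    state, blame = state_at(TRAIL, "crm/customer/1042", datetime(2024, 3, 5))
    print(state["billing_zip"], "last set by", blame["billing_zip"][0])
```

The same replay with an earlier `as_of` returns the record as it stood before the edit, which is what separates the original entry from the later change when assigning responsibility.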

Our audit trail is unique in that it is independent of any system or application you already have running at your organization.  It can track multiple systems and applications at one time, with all data records being archived in one place, on our secure cloud servers.  Our comprehensive but easy-to-navigate user interface gives business users the ability to manage their systems more easily, more efficiently, and more effectively.

Access the document this blog post is based on HERE.
