THE E-SECURITY TOOLKIT

This question module will assess auditing and logging functionality and practices. All aspects are
considered, including the type of audit data collected, the monitoring procedures and access to the audit log
itself.
It is suggested that this question module is completed by the Manager of the area concerned, or by the
relevant Security Administrator/Auditor, if one exists.
Audit & Logging
Question Module: AUDI1 - Audit Procedures
Question 1 - Completion is REQUIRED. Please select only ONE response.
Are unsuccessful access attempts audited and monitored (i.e. reports produced and examined)?
Audited And Monitored
Audited Only
Neither
Question 2 - Completion is REQUIRED. Please select only ONE response.
Is an audit capability in use for other than initial system access (eg: for file/folder violations,
registry/system
, )
Yes
No Go to EAD
Question 3 - Completion is OPTIONAL, and more than one response may be selected.
Please select from the list, those events that are applicable but are NOT being audited.
System Events (eg registry changes)
File/Folder Access Violations
Sensitive Programs Executed
Internet Activity
System Configuration Changes
Question 4 - Completion is REQUIRED. Please select only ONE response.
Are audit reports labeled in any way (eg: date produced, owner, etc)?
Yes
No Go to question 6
Not Applicable
Question 5 - Completion is OPTIONAL, and more than one response may be selected.
Please select those items which are NOT included on audit report headers/labels.
Owner
Date Produced
Question 6 - Completion is REQUIRED. Please select only ONE response.
Are the pages of the audit report numbered?
Yes
No
Question 7 - Completion is OPTIONAL, and more than one response may be selected.
Please select those items for which data is NOT held in the audit log (where applicable).
User-id
Date/time Of Event
Name Of File/Folder/Site
Type Of Event Recorded
Question 8 - Completion is REQUIRED. Please select only ONE response.
How frequently is the audit log printed and checked?
Every Day
Every Week
Every Month
Every Three Months
Every Six Months
Never Printed & Checked
Question 9 - Completion is REQUIRED. Please select only ONE response.
Is access to the audit log itself restricted?
Yes
No
Question 10 - Completion is REQUIRED. Please select only ONE response.
What access level does the auditor have to the audit log?
Read Only Access
Read & Update Access
Read, Update & File Delete
Not Applicable
Question 11 - Completion is REQUIRED. Please select only ONE response.
Are test 'unauthorized access' attempts ever made to ensure that the security and audit mechanisms are
working as specified?
Yes
No