If an audit tool is deleted, performing audits will take additional time and may lead to less thorough and/or less accurate results. This may adversely impact the ability of responsible personnel to correctly and quickly respond to a security incident.
An audit is the examination and verification of accounts and log records to identify security-relevant information such as system or user accesses. Audits can be very detailed and time-consuming; therefore, software tools are used to manipulate log data to assist authorized personnel in performing them. Computer Assisted Audit Tools and Techniques (CAATT) use data extraction and analysis software to analyze log records more efficiently; this software can vary widely, and may be part of the firewall’s Graphical User Interface (GUI) and an add-on software module. Examples of this type of tool are firewall analysis software or even spreadsheet programs. Audit tools include, but are not limited to, vendor-provided and open-source audit tools used to view and manipulate information system activity and records, such as custom query and report generators.
Firewalls or components with an Access Control List that provide tools to access or manipulate audit data will leverage user permissions and roles, which identify the user accessing the tools and the corresponding rights that user has, to make decisions about access to audit tools.