A well-balanced IT security policy should include complementary proactive and reactive components. The proactive component uses strong security controls such as those described above, while the reactive component includes auditing and monitoring those security controls. Both components are necessary to maintain effective security control.
The purpose of auditing is to track user actions and keep an audit trail that an intrusion detection system can read. Auditing has two aspects.
The first aspect is to keep track of information about users who have been authenticated into the system, as well as failed authentication attempts.
The second aspect of auditing is to keep track of what information or which resources a particular user has accessed or failed to access. Also, the type of action, such as updating or deleting, is an important part of the access audit trail.
For information about configuring auditing, see Chapter 6, “Auditing.”
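The two aspects of auditing described above, shown as an added example that is not part of the original text: a review pass over a constructed audit trail, of the kind an intrusion detection system might run. The record format, field names, rule names and threshold are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample audit trail, one JSON record per line. The field names
# (kind, user, outcome, resource, action) are assumptions for this example.
SAMPLE_TRAIL = """\
{"kind": "authn", "user": "alice", "outcome": "success"}
{"kind": "access", "user": "alice", "resource": "/reports/q1", "action": "read", "outcome": "success"}
{"kind": "authn", "user": "bob", "outcome": "failure"}
{"kind": "authn", "user": "bob", "outcome": "failure"}
{"kind": "authn", "user": "bob", "outcome": "failure"}
{"kind": "authn", "user": "bob", "outcome": "success"}
{"kind": "access", "user": "bob", "resource": "/reports/q1", "action": "delete", "outcome": "failure"}
this line is not a valid audit record
{"kind": "access", "user": "alice", "resource": "/reports/q1", "action": "update", "outcome": "success"}
"""

FAILED_LOGIN_THRESHOLD = 3  # assumed policy value


def review_trail(trail_text, threshold=FAILED_LOGIN_THRESHOLD):
    """Return (rule, user, detail) findings drawn from both audit aspects."""
    streak = Counter()  # consecutive failed authentications per user
    findings = []
    for line_no, line in enumerate(trail_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            kind, user, outcome = rec["kind"], rec["user"], rec["outcome"]
        except (json.JSONDecodeError, KeyError, TypeError):
            # A record that cannot be read is itself a gap in the trail.
            findings.append(("malformed_record", None, f"line {line_no}"))
            continue
        if kind == "authn" and outcome == "failure":
            streak[user] += 1
            if streak[user] == threshold:
                findings.append(("repeated_failed_authn", user, f"{threshold} failures"))
        elif kind == "authn":
            if streak[user] >= threshold:
                findings.append(("success_after_failures", user, f"after {streak[user]} failures"))
            streak[user] = 0
        elif kind == "access" and outcome == "failure":
            # The action type is what tells a denied read from a denied delete.
            findings.append(("denied_access", user, f"{rec.get('action')} {rec.get('resource')}"))
    return findings
```

Calling `review_trail(SAMPLE_TRAIL)` returns findings from both the authentication records and the access records, plus one for the unreadable line.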