Document Audit Trail
A Document Audit Trail is a series of records of computer events, about an operating system, an application, or user activities. It is generated by an auditing system such as TDOC, that monitors system activity.
A Document Audit Trail allows you to automatically identify changes made to data in your databases – showing you who changed what and when.
Document Audit Trails are important as they allow database administrators to track changes, check specific user’s actions, screen for general security and help companies comply with regulatory requirements.
A Document Audit Trail will allow you to track inserts, updates and deletions.
Document Audit Trails have many uses in the realm of computer security:
- An individual's actions can be tracked in an audit trail allowing users to be personally accountable for their actions. This helps to prevent users from bypassing security policies, and even if they do, they can be held accountable.
- Document Audit Trails can be used to reconstruct events after a problem has occurred. The amount of damage that occurred with an incident can be assessed by reviewing audit trails of system activity to pinpoint how, when, and why the incident occurred.
- Document Audit Trails can be used as on-line tools to monitor problems as they occur. Such real time monitoring helps in detection of problems like disk failures, over utilization of system resources or network outages.
- Document Audit Trails can help to identify attempts to penetrate a system and gain unauthorized access by recording appropriate events. Determining what events to audit so that audit trails can be used in an effective manner to aid intrusion detection is one of the present research issues being looked into by the research community.
- Document Audit Trails need to be analyzed to determine vulnerabilities, establish accountability, assess damage and recover the system. Manual analysis of audit trails, though time consuming, is often used as the logging mechanisms generate copious amounts of data.
