Audit trail

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.[1][2] Audit records typically result from activities such as financial transactions,[3] scientific research and health care data transactions,[4] or communications by individual people, systems, accounts, or other entities.

The process that creates an audit trail is typically required to always run in a privileged mode, so it can access and supervise all actions from all users; a normal user should not be allowed to stop/change it. Furthermore, for the same reason, trail file or database table with a trail should not be accessible to normal users. Another way of handling this issue is through the use of a role-based security model in the software;[5] the software can operate with the closed-looped controls, or as a 'closed system', as required by many companies when using audit trail functionality.

Industry uses[edit]

In telecommunication, the term means a record of both completed and attempted accesses and service, or data forming a logical path linking a sequence of events, used to trace the transactions that have affected the contents of a record.

In information or communications security, information audit means a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event.

In nursing research, it refers to the act of maintaining a running log or journal of decisions relating to a research project, thus making clear the steps taken and changes made to the original protocol.

In accounting, it refers to documentation of detailed transactions supporting summary ledger entries; this documentation may be on paper or on electronic records.

In online proofing, it pertains to the version history of a piece of artwork, design, photograph, video, or web design proof in a project.

In clinical research, server based systems call clinical trial management systems (CTMS) require audit trails. Anything regulatory or QA/QC related also requires audit trails.

In voting, a voter-verified paper audit trail is a method of providing feedback to voters using a ballotless voting system.

References[edit]

  1. ^ "National Information Assurance (IA) Glossary" (PDF). Committee on National Security Systems. 7 August 1996. p. 4. Retrieved 7 March 2012.
  2. ^ "ATIS Telecom Glossary 2012 - audit trail". Alliance for Telecommunications Industry Solutions (ATIS) Committee PRQC. 2012. Archived from the original on 13 March 2013. Retrieved 7 March 2012.
  3. ^ "SEC Proposes Consolidated Audit Trail System to Better Track Market Trades". U.S. Securities and Exchange Commission. 26 May 2010. Retrieved 7 March 2012.
  4. ^ "Electronic Code of Federal Regulations - Title 21: Food and Drugs - Part 11: Electronic Records; Electronic Signatures". U.S. Government Printing Office. Archived from the original on 8 June 2010. Retrieved 2 March 2012.
  5. ^ Brancik, Kenneth C. (2007). "Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls". Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks. CRC Press. pp. 18–19. ISBN 1-4200-4659-4.