The audit log review policy will help ensure that processes are in place across all designated company systems to ensure that designated audit logs are reviewed daily and following a security incident. This policy will aid in the detection of unusual or unauthorized events as well as investigate causal factors for identified events, reconstruct the course of events before and after an event, and identify the account associated with a specific event. The audit log review policy is key to ensuring that no unusual or unauthorized events go unnoticed.
Risks Addressed by Policy:
- Undetected security breaches.
- Lack of accountability for unusual or unauthorized events.
- Increased legal liability for unusual events.