Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms: Difference between revisions
Jump to navigation
Jump to search
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 63: | Line 63: | ||
==== 3.1.2. Log File Reliability ==== | ==== 3.1.2. Log File Reliability ==== | ||
Another technological challenge facing software audit mechanisms involves reliability of the audit mechanism, itself. NIST highlights the issue of breach of audit mechanism log data<sup>[8]</sup>. Audit mechanism log files need protection to ensure that the data contained within the log files is unmodified, accurate, and reliable. Engineering this protection of the audit mechanism log files may be challenging; it may also be overlooked by system developers who are unaware or indifferent to the implications of unprotected log files and inaccurate data that may result from modified logs. In this unprotected situation, log files are no longer trustworthy, the audit mechanism is no longer effective for monitoring user-based non-repudiation, and the accountability of the system is weakened. | |||
=== 3.2. Challenges in Policy, Regulations, and Compliance === | === 3.2. Challenges in Policy, Regulations, and Compliance === | ||