IHI Table1: Difference between revisions

Revision as of 22:23, 5 January 2014

Table 1. A comparison of auditable events by source, with a categorization of events affecting user-based non-repudiation
Auditable Events	Source of Software Audit mechanism Checklist				Affects User-based Non-repudiation
Log Entry Item	Chuvakin and Peterson^[3]	CCHIT^[2]	SANS^[7]	IEEE^[6]	Yes or No
System startup	X	X	X		N
System shutdown	X	X	X		N
System restart			X		N
User login/logout	X	X	X		Y
Session timeout		X			Y
Account lockout		X			Y
Create data	X	X	X		Y
Update data	X	X	X		Y
Delete data	X	X	X		Y
Query data		X			Y
Node-authentication failure	X	X	X		N
Signature created/validated		X			Y
Export data		X			Y
Import data		X			Y
Security administration event	X	X	X	X	N
Scheduling		X			N
System backup	X	X			Y
System restore		X				Y
Initiate a network connection	X		X	X	N
Accept a network connection			X	X	N
Grant access rights	X		X	X	Y
Modify access rights	X		X	X	Y
Revoke access rights	X		X	X	Y
System, network, or services changes	X		X	X	N
Application process abort/failure/abnormal end	X		X		N
Detection of malicious activity	X		X		N
Changes to audit log configuration				X	N

@@ Line 32: / Line 32: @@
 |
 | N
-|- style="font-style: bold; background-color: #EEEEEE"
+|- style="font-weight: bold; background-color: #EEEEEE"
 | User login/logout
 | X