IHI Table1: Difference between revisions

Revision as of 22:30, 5 January 2014

Table 1. A comparison of auditable events by source, with a categorization of events affecting user-based non-repudiation
Auditable Events	Source of Software Audit mechanism Checklist				Affects User-based Non-repudiation
Log Entry Item	Chuvakin and Peterson^[3]	CCHIT^[2]	SANS^[7]	IEEE^[6]	(Yes or No)
System startup	X	X	X		N
System shutdown	X	X	X		N
System restart			X		N
User login/logout	X	X	X		Y
Session timeout		X			Y
Account lockout		X			Y
Create data	X	X	X		Y
Update data	X	X	X		Y
Delete data	X	X	X		Y
View data	X	X	X		Y
Query data		X			Y
Node-authentication failure	X	X	X		N
Signature created/validated		X			Y
Export data		X			Y
Import data		X			Y
Security administration event	X	X	X	X	N
Scheduling		X			N
System backup	X	X			Y
System restore		X			Y
Initiate a network connection	X		X	X	N
Accept a network connection			X	X	N
Grant access rights	X		X	X	Y
Modify access rights	X		X	X	Y
Revoke access rights	X		X	X	Y
System, network, or services changes	X		X	X	N
Application process abort/failure/abnormal end	X		X		N
Detection of malicious activity	X		X		N
Changes to audit log configuration				X	N

@@ Line 10: / Line 10: @@
 | ''SANS<sup>[7]</sup>''
 | ''IEEE<sup>[6]</sup>''
-| ''Yes or No''
+| ''(Yes or No)''
 |-
 | System startup
@@ Line 69: / Line 69: @@
 |-  style="font-weight: bold; background-color: #EEEEEE"
 | Delete data
+| X
+| X
+| X
+|
+| Y
+|-  style="font-weight: bold; background-color: #EEEEEE"
+| View data
 | X
 | X
@@ Line 134: / Line 141: @@
 |
 | X
-|
 |
 |