IHI Table1: Difference between revisions

Revision as of 22:20, 5 January 2014

Table 1. A comparison of auditable events by source, with a categorization of events affecting user-based non-repudiation
Auditable Events	Source of Software Audit mechanism Checklist				Affects User-based Non-repudiation
Log Entry Item	Chuvakin and Peterson^[3]	CCHIT^[2]	SANS^[7]	IEEE^[6]	Yes or No
System startup	X	X	X		N
System shutdown	X	X	X		N
System restart			X		N
User login/logout	X	X	X		Y
Session timeout		X			Y
Account lockout		X			Y
Create data	X	X	X		Y
Update data	X	X	X		Y
Delete data	X	X	X		Y
Query data		X			Y
Node-authentication failure	X	X	X		N
Signature created/validated		X			Y
Export data		X			Y
Import data		X			Y
Security administration event	X	X	X	X	N
Scheduling		X			N
System backup	X	X			Y
System restore		X				Y
Initiate a network connection	X		X	X	N
Accept a network connection			X	X	N
Grant access rights	X		X	X	Y
Modify access rights	X		X	X	Y
Revoke access rights	X		X	X	Y
System, network, or services changes	X		X	X	N
Application process abort/failure/abnormal end	X		X		N
Detection of malicious activity	X		X		N
Changes to audit log configuration				X	N

@@ Line 6: / Line 6: @@
 |-
 | ''Log Entry Item''
-| Chuvakin and Peterson<sup>[3]</sup>
+| ''Chuvakin and Peterson<sup>[3]</sup>''
-| CCHIT<sup>[2]</sup>
+| ''CCHIT<sup>[2]</sup>''
-| SANS<sup>[7]</sup>
+| ''SANS<sup>[7]</sup>''
-| IEEE<sup>[6]</sup>
+| ''IEEE<sup>[6]</sup>''
-| Yes or No
+| ''Yes or No''
 |-
 | System startup