A top-down approach towards translating organizational security policy directives to system audit configuration

Abstract

There is a significant gap between the stated objectives of organizational security found in corporate security policy and the audit configuration of event logs present on IT systems. Audit configuration has always been a bottom-up process. As a result, the design and implementation of audit configurations is often constrained by the audit management interface that often models operating system structures rather than real world behavior. This paper argues for a top-down approach in the establishment of IT audit policies and practices. We propose that management should develop an organization wide audit policy that will set mandatory audit directives and ensures that the audit configuration reflects the needs of the organization as defined in the security policy.