Endpoint Administration Guide for Windows › Monitoring and Auditing › Security Auditors

Security Auditors

One of the most important tasks of security auditors and system administrators is auditing or monitoring system activity to detect suspicious or malicious activity. Security auditing plays an essential role in a secure environment, and the security auditing features in CA ControlMinder include the following:

• Providing a reliable indication of who has accessed the system, what resources have been accessed, how the resource has been accessed (for example, read a file), and when resources have been accessed
• Notifying and alerting appropriate users in case of an attempted security breach, even if the attempt failed
• Indicating what changes have been made to the security rules, and by whom
• Providing a means to test the effect of access rules before they are enforced

CA ControlMinder auditing is modeled after real-world auditing: security auditors act independently of system and security administrators, although you can change your implementation so that this is not the case if some other model is more appropriate for your environment.

A security auditor is a user to whom the AUDITOR attribute is assigned. Users defined as security auditors are permitted to perform auditing tasks such as changing the audit rules that are assigned to users and resources. They are also authorized to use the CA ControlMinder auditing utilities without being required to have the ADMIN attribute.