An CA Top Secret auditor has the authority to audit users and resources. To audit users, the auditor attaches the AUDIT attribute to the user’s ACID. To audit resources, the auditor updates the AUDIT record with the resource or resource prefix to be audited.
The auditor may wish to audit critical resources on a permanent basis and produce reports or monitor online the results of the audit. The auditor may also wish to spot-check user activity by periodically auditing key personnel.
The auditor may wish to coordinate the audit activity with the Security Administrator. The Security Administrator may do concurrent audits to monitor effectiveness of the security implementation.
Note: Carefully select audit criteria, and revise this criteria as audit requirements change. This avoids the unnecessary generation of large numbers of audit records.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|