| (I) An independent review and examination of a system's records
and activities to determine the adequacy of system controls,
ensure compliance with established security policy and procedures,
detect breaches in security services, and recommend any changes
that are indicated for countermeasures. [I7498 Part 2, NCS01]
(C) The basic audit objective is to establish accountability for
system entities that initiate or participate in security-relevant
events and actions. Thus, means are needed to generate and record
a security audit trail and to review and analyze the audit trail
to discover and investigate attacks and security compromises.
|
