IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 2.22 Lack of evaluation of auditing data
Auditing data provide a possibility to detect a posteriori a breach of security
or an attempt to do so. Auditing data can thus be used to identify the
perpetrator in case of damage. A further important function of the auditing
data is deterrence. If auditing data are evaluated on a regular basis, intentional
attacks can be detected at an early stage. If the auditing data are not, or are
inadequately evaluated and this becomes known, they lose their function as a
deterrent.
Many IT systems or applications lack sufficient possibilities for auditing. In
some cases auditing is not provided for at all and in other cases it is often not
possible to make distinctions in the auditing according to events.
Example:
On a stand-alone Windows 95 computer it is not possible to log the activities
of one or more users on a user-specific basis. Therefore, it cannot be
determined if security has been impaired or an attempt to impair security has
occurred.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000