What is the main purpose of auditing in cybersecurity?

  With the rapid development of Internet technology, more and more enterprises are beginning to pay attention to information security. As an important means of information security management, the security audit plays a vital role in protecting an enterprise's information. So what is the purpose of a security audit, and how are audits classified? The details follow:

  The purpose of the security audit is to:

  Serve as a significant deterrent and warning to potential attackers;

  Test the adequacy of system controls so that adjustments can be made to ensure consistency with established security policies and operations;

  For system damage that has already occurred, assess the damage and provide an effective basis for disaster recovery and evidence for accountability;

  Evaluate and provide feedback on specific changes in system controls, security policies, and procedures to facilitate revised decision-making and deployment;

  Provide system administrators with valuable system usage logs to help them discover system intrusions or potential system vulnerabilities in time.

  There are three types of security audits:

  System-level audit: System-level audit mainly reviews event information such as system login status, user identification number, date and specific time of login attempt, date and time of logout, equipment used, and operating procedures after login. Typical system-level audit logs also include some non-security-related information, such as system operations, expense accounting, and network performance. This type of audit does not track and record application events, nor does it provide sufficient detail;

  Application-level auditing: Application-level auditing is mainly aimed at application activity information, such as opening and closing data files, specific operations such as reading, editing, and deleting records or fields, and printing reports;

  User-level audit: User-level audit mainly audits information about the user's operating activity, such as all commands directly started by the user, all of the user's authentication operations, files and resources accessed by the user, and other information.
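
  To make the system-level audit concrete, here is an added example (not from the original post) that reads the fields named above (login status, user identification number, login and logout times, device used), rebuilds sessions, and flags a successful login that follows repeated failures. The key=value log format, the field names, the sample records, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical key=value audit format.
SAMPLE_LOG = """\
2023-06-26T09:00:00 event=login status=success user=1001 device=ws-014
2023-06-26T09:45:10 event=logout user=1001 device=ws-014
2023-06-26T10:01:02 event=login status=failure user=1002 device=kiosk-3
2023-06-26T10:01:09 event=login status=failure user=1002 device=kiosk-3
2023-06-26T10:01:15 event=login status=failure user=1002 device=kiosk-3
2023-06-26T10:01:31 event=login status=success user=1002 device=kiosk-3
2023-06-26T10:20:00 event=logout user=1002 device=kiosk-3
this line is malformed and must be skipped
"""

def parse(log_text):
    """Yield (timestamp, fields) for well-formed records; skip anything else."""
    for line in log_text.splitlines():
        ts_text, _, rest = line.strip().partition(" ")
        pairs = rest.split()
        if not pairs or any("=" not in p for p in pairs):
            continue
        try:
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue
        yield ts, dict(p.split("=", 1) for p in pairs)

def audit(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (sessions, alerts) reconstructed from login/logout records."""
    open_logins, failures = {}, defaultdict(list)
    sessions, alerts = [], []
    for ts, f in parse(log_text):
        key = (f.get("user"), f.get("device"))
        if f.get("event") == "login" and f.get("status") == "failure":
            failures[key].append(ts)
        elif f.get("event") == "login" and f.get("status") == "success":
            # Count only failures close enough in time to this success.
            recent = [t for t in failures.pop(key, []) if ts - t <= window]
            if len(recent) >= max_failures:
                alerts.append((key[0], key[1], len(recent), ts))
            open_logins[key] = ts
        elif f.get("event") == "logout" and key in open_logins:
            sessions.append((key[0], key[1], open_logins.pop(key), ts))
    return sessions, alerts

if __name__ == "__main__":
    for row in sum(audit(SAMPLE_LOG), []):
        print(row)
```

  Because it sees only login and logout records, the output says who logged in, when, and from where, but nothing about what the user did inside an application; that gap is what the application-level and user-level audits cover.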

Origin blog.csdn.net/oldboyedu1/article/details/131400372