Accountability and Audit
IT Resource Security Standards - Accountability Audit
IT Resources critical to University operations are to have appropriate control measures applied and logging of critical events enabled.
- Event logs should be stored on a separate secure IT Resource and not saved to each local system. Storing log information to shared file systems should be avoided.
- Audit logs must be protected, set as read-only and made accessible only by personnel authorized to view them.
- Where possible, actions performed by System Administrators should be logged.
- Logs should not contain passwords.
- IT Resources critical to University operations should be audited regularly (minimum once per year).