The frequency and thoroughness with which security-related auditing occurs depend on the level of system security that must be maintained. Auditing should occur often enough to ensure that important security violations are uncovered in a timely fashion. At sites where security is important, an auditing policy should be part of the general security policy. It is important that users understand the auditing policy. In particular, users should be advised if random “spot” audits of users are part of the policy.
Informing users of auditing policy serves two purposes:
- It might deter those who are considering breaking security policy.
- It avoids user ill will generated when users discover on their own that their actions are being audited.
When informing users of auditing policy, emphasize the positive aspects of system security and minimize user apprehensions about the installation “spying” on its users.

