“Uncontrolled access to data, with no audit trail of activity and no oversight would be going too far. This applies to both commercial and government use of data about people.”
John Poindexter.
Audit trails are a way of tracing back through the logs of historical activities undertaken through your OSS tools.
The easy approach for vendors to provide this functionality is to provide logs on the relevant database tables. Unfortunately this approach makes it quite difficult for the operators to piece together all of the transactions to make sense of what happens. For example, if you create a new device from a template, this one action can actually create database transactions on device, cards, ports, status, attributes and many more. The difficulty comes in trawling through all the transactions and being able to identify which ones are interrelated to an action.
The more difficult approach is to provide the user interface / functionality that pulls together a sequence of transactions that were spawned from an action.
Audits are a commonly overlooked use case when trialling vendor products. Does your organisation expect to use audits very often to trace through the actions of your operators? If not, conducting a forensic reconstruction of the sequence of events from database logs may be sufficient.
One Response
This is a very good comment and in forensic terms one which should be considered as a standard process.