Security audits

This topic describes the purpose of security audits.

People audit their system security for several reasons:

• To evaluate whether the security plan is complete.

• To make sure that the planned security controls are in place and working. This type of auditing is usually performed by the security officer as part of daily security administration. It is also performed, sometimes in greater detail, as part of a periodic security review by internal or external auditors.

• To make sure that system security is keeping pace with changes to the system environment. Some examples of changes that affect security are:

  • New objects created by system users

  • New users admitted to the system

  • Change of object ownership (authorization not adjusted)

  • Change of responsibilities (user group changed)

  • Temporary authority (not timely revoked)

  • New products installed

• To prepare for a future event, such as installing a new application, moving to a higher security level, or setting up a communications network.

The techniques described here are appropriate for all these situations. Which things you audit and how often depends on the size and security needs of your organization.

Security auditing involves using commands on your system and accessing log and journal information. You can create a special profile to be used by someone doing a security audit of your system. The auditor profile needs *AUDIT special authority to change the audit characteristics of the system. Some of the auditing tasks suggested in this chapter require a user profile with *ALLOBJ and *SECADM special authority. Set the password for the auditor profile to *NONE when the audit period has ended.

For more details on security auditing, see Chapter 9, "Auditing System Security," in the iSeries™ Security Reference.

Parent topic:

Related concepts
Auditing system values Planning security auditing