Telemetering trailer (1952).  Interior of trailer used by Douglas Aircraft to monitor and direct aircraft test flights.  In the right foreground are the magnetic tape recorders for two 88-channel FM radio links.  The trailer contains a pole (not pictured) by which a technician watching meters on the radio racks can keep the helix antenna on the trailer roof directed toward the airplane in flight.  Source: Douglas Aircraft and National Museum of American History.
 

Audit trails and audits

What is it?

In computer and network contexts, an audit trail is a time-stamped record of significant activities on a system.  Recorded events can include user logins and logouts to the system, as well as what commands were issued by the user to the system while logged in.

Since data protection is a core goal of information security, audit trails often keep a record of data accesses -- logging file creation, reading, updating and deleting ("CRUD" activities) for each user.  Uses of system resources may also be logged, such as printing files or copying data from one storage location to another.  Unsuccessful access attempts may also be tracked.

In other words, an audit trail keeps track of who did what, to what, and when they did it, as well as who tried to do something but was unsuccessful.

Audit trails are a fundamental part of computer security, particularly useful for tracing unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.

What does it have to do with you?

If you are a system administrator, you will need to know about the audit trail capabilities required for and available to your system and for the University network as a whole.  (More on that below.)  

If you are a system user, you need to be aware that everything you do on a computer system or network may be recorded and subject to inspection for security purposes.  Neither state nor federal law provides privacy rights for employees with respect to such information.  In the U.S., employers have essentially unlimited rights to monitor workplace information systems activity.

This is another reason why it is critical to protect your user-IDs (login-IDs) and associated passwords, and report promptly if you think any of them may have been compromised.  Any destructive or illegal activity that occurs using your ID will be recorded as having been done by you, and it may not be easy for you to prove it was someone else.

Some systems use audit data to tell you at login when you last logged in, or to show the last time you used or modified a particular data file or accessed a particular resource.  Get in the habit of looking at this information, to be sure it reflects something you did.  If the activity data doesn't seem right, it may mean your user-ID has been compromised.  Report it immediately.  (Click here to report an information security incident on the Medical campus.)
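The sketch below is an added example, not code from any University system.  It shows the "who did what, to what, and when" record described above and how a last-login notice and a follow-up review can be derived from it.  The user-IDs, host names, file paths and time stamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class AuditRecord:
    when: datetime   # time stamp of the event
    who: str         # user-ID the activity is attributed to
    action: str      # login, logout, create, read, update, delete, copy, ...
    target: str      # what the action was applied to
    success: bool    # False = unsuccessful attempt, which is also recorded

def rec(ts, who, action, target, success=True):
    return AuditRecord(datetime.fromisoformat(ts), who, action, target, success)

# Constructed sample trail (all values are made up for this example).
TRAIL = [
    rec("2024-03-04T08:55", "jdoe", "login", "ws-17"),
    rec("2024-03-04T09:10", "jdoe", "update", "/records/chart-101"),
    rec("2024-03-04T17:02", "jdoe", "logout", "ws-17"),
    rec("2024-03-05T02:13", "jdoe", "login", "vpn-gw", success=False),
    rec("2024-03-05T02:14", "jdoe", "login", "vpn-gw", success=False),
    rec("2024-03-05T02:16", "jdoe", "login", "vpn-gw"),
    rec("2024-03-05T02:20", "jdoe", "read", "/records/chart-207"),
    rec("2024-03-05T02:31", "jdoe", "copy", "/records/chart-207"),
    rec("2024-03-05T03:00", "asmith", "read", "/records/chart-101", success=False),
]

def last_login(trail, user, now):
    """Most recent successful login for `user` before `now` (the login notice)."""
    hits = [r for r in trail
            if r.who == user and r.action == "login" and r.success and r.when < now]
    return max(hits, key=lambda r: r.when) if hits else None

def activity_since(trail, user, since):
    """Everything recorded under `user`'s ID at or after `since`, oldest first."""
    return sorted((r for r in trail if r.who == user and r.when >= since),
                  key=lambda r: r.when)

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-03-05T08:50")
    notice = last_login(TRAIL, "jdoe", now)
    print(f"Last login: {notice.when} from {notice.target}")
    # The user remembers logging out at 17:02 the day before, so the 02:16
    # login is not theirs; a reviewer pulls what the ID did after that logout.
    for r in activity_since(TRAIL, "jdoe", datetime.fromisoformat("2024-03-04T17:03")):
        print(r.when, r.action, r.target, "ok" if r.success else "FAILED")
```

The review lists two failed logins followed by a successful one and then a read and a copy of a record, all attributed to the same user-ID.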

System administrator responsibilities

Auditing capabilities are a standard component of most security standards.  The International Organization for Standardization Information Security Standard (ISO 17799/27001-2) calls for them; so do the federal health information security regulations (HIPAA) that address electronic systems containing protected health information (ePHI).

Assurance of appropriate auditing capabilities is the responsibility of every system administrator or service provider that manages, transports, or has the ability to enable/revoke access to or manipulation of data, authentication services, communication systems or network activity.

System administrators must abide by established University of Miami policies and procedures as well as those that apply to their respective specialty areas.  You must also be aware of and adhere to any applicable federal, state, local or University-specific policies and procedures that apply to your area of responsibility.

I have a special audit request.  Whom do I contact?

Medical Information Technology can provide audit trails for various credentialing, communications and Internet functions from networking to desktop computer activity.  Contact our Data Center Services groups for more information about capabilities.

Departments requesting individual or group audit support for specific investigations should submit their requests through the Medical Center Department of Human Resources, Medical School General Counsel, or Internal Audit as applicable.

If you have a question about HIPAA-related auditing, contact the HIPAA Privacy and Security Office.

Learn more

Audit trails (NIST Computer Security Resource Center)
Technical overview of audit trails and their functions

Audit trails (Wikipedia)
Overview and links to technical information on audit trails