Overview of Auditor Responsibilities
An auditor is an individual whom an organization authorizes to use the network's auditing mechanisms to identify users' attempted or successful access to information they are not authorized to access. Informed use of the server's auditing mechanisms by one or more trusted auditors is essential to the principle of individual accountability: determining who did what, and when the event occurred. The auditor's responsibilities include the following general tasks:
- Enabling and configuring auditing.
- Ensuring that audit programs, control data, and audit trails are properly protected.
- Monitoring the server volumes and audit data files to ensure that there is sufficient space for collection of audit data. The auditor is responsible for archiving and removing audit files when necessary to prevent automatic shutdown when audit files or disk space are exhausted.
- Reviewing audit data to find attempts to circumvent the security of the network.
- Reviewing the sufficiency of audit data being collected.
- Backing up the current audit configuration, including keeping a manual log for any information that is not handled by backup and restore utilities.
- Managing offline audit files backed up on removable media.
Specific procedures that the auditor follows to accomplish these general tasks are described subsequently.