SECURITY ASSURANCE THROUGH EFFICIENT EVENT LOG AND AUDIT TRIALS
S. K. Pandey1*, K. Mustafa2
|Corresponding Author: E-mail: [email protected] , [email protected]|
|Related article at Pubmed, Scholar Google|
In current digital era, business organizations are using Information and Communications Technologies (ICT) for better support of their goals. There is no doubt to say that every function of the business modules is either dependent or going to be reliant on IT related tools and techniques. This facilitates organizations on one side but at the same time, it has some big challenges also from the security perspective. Insecure software is already proving to be a threat to the financial, defense, energy, and other critical important applications, which are increasing risk in direct or indirect way. To overcome these issues, a variety of methodologies have been deployed for developing secure software, but, on the other hand, attackers are continuously exploiting vulnerabilities to compromise security. Research studies reveal that security cannot be added in developed software rather it should be introduced right from the beginning in the Software Development Life Cycle (SDLC). To achieve this objective, security measures must be embedded throughout the SDLC phases and starting from the requirements phase itself. ‘Event Log and Audit Trails’ is globally accepted as one of the prominent security requirements. Appropriate level of this requirement may well enforce security features and hence, ensure security for deployed software. The paper proposes a checklist, which may enable the assessment of the appropriateness of ‘Event Log and Audit Trails’ and lead to counter/additional measures for security assurance.