Security audits

This topic describes the purpose of security audits.

People audit their system security for several reasons:

The techniques described here are appropriate for all these situations. Which things you audit and how often depends on the size and security needs of your organization.

Security auditing involves using commands on your system and accessing log and journal information. You can create a special profile to be used by someone doing a security audit of your system. The auditor profile needs *AUDIT special authority to change the audit characteristics of the system. Some of the auditing tasks suggested in this chapter require a user profile with *ALLOBJ and *SECADM special authority. Set the password for the auditor profile to *NONE when the audit period has ended.

For more details on security auditing, see Chapter 9, "Auditing System Security," in the iSeries™ Security Reference.

Related concepts
Audit system values
Plan security auditing