This topic describes the purpose of security audits.
People audit their system security for several reasons:
- To evaluate whether the security plan is complete.
- To make sure that the planned security controls are in place and working.
  This type of auditing is usually performed by the security officer as part
  of daily security administration. It is also performed, sometimes in greater
  detail, as part of a periodic security review by internal or external auditors.
- To make sure that system security is keeping pace with changes to the
  system environment. Some examples of changes that affect security
  are:
  - New objects created by system users
  - New users admitted to the system
  - Change of object ownership (authorization not adjusted)
  - Change of responsibilities (user group changed)
  - Temporary authority (not revoked in a timely manner)
  - New products installed
- To prepare for a future event, such as installing a new application, moving
  to a higher security level, or setting up a communications network.
The techniques described here are appropriate for all these situations.
What you audit and how often you audit it depend on the size and security needs
of your organization.
Security auditing involves using commands on your system and accessing
log and journal information. You can create a special profile to be used by
someone doing a security audit of your system. The auditor profile needs *AUDIT
special authority to change the audit characteristics of the system. Some
of the auditing tasks suggested in this chapter require a user profile with
*ALLOBJ and *SECADM special authority. Set the password for the auditor profile
to *NONE when the audit period has ended.
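
The life cycle of such an auditor profile, shown as CL commands. This is an added example, not taken from the IBM documentation; the profile name AUDITOR1, the descriptive text and the initial password are placeholders chosen for illustration.

```cl
/* Start of the audit period: create a dedicated profile that holds   */
/* only *AUDIT special authority. AUDITOR1 and the password value are */
/* placeholders; PWDEXP(*YES) forces a password change at first       */
/* sign-on.                                                           */
CRTUSRPRF  USRPRF(AUDITOR1) PASSWORD(REPLACE_ME) PWDEXP(*YES) +
             USRCLS(*USER) SPCAUT(*AUDIT) +
             TEXT('Temporary security auditor profile')

/* Confirm which special authorities the profile actually holds       */
/* before handing it over.                                            */
DSPUSRPRF  USRPRF(AUDITOR1) TYPE(*BASIC)

/* End of the audit period: remove the password so that nobody can    */
/* sign on with the profile until the next audit.                     */
CHGUSRPRF  USRPRF(AUDITOR1) PASSWORD(*NONE)
```

Tasks that require *ALLOBJ or *SECADM are not covered by this profile as created; granting those authorities is a separate decision for the security officer.
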
For more details on security auditing, see Chapter 9, "Auditing System
Security," in the iSeries™ Security Reference.