Security audits

This topic describes the purpose of security audits.

People audit their system security for several reasons:
  • To evaluate whether the security plan is complete.
  • To make sure that the planned security controls are in place and working. This type of auditing is typically performed by the security officer as part of daily security administration. It is also performed, sometimes in greater detail, as part of a periodic security review by internal or external auditors.
  • To make sure that system security is keeping pace with changes to the system environment. Some examples of changes that affect security are:
    • New objects created by system users
    • New users admitted to the system
    • New products installed
    • Object ownership changes that can require authorization changes
    • Responsibility changes that can cause users to move from group to group
    • Temporary authority that needs to be revoked in a timely manner
  • To prepare for a future event, such as installing a new application, moving to a higher security level, or setting up a communications network.

The techniques described here are appropriate for all these situations. What you audit, and how often, depends on the size and security needs of your organization.

Security auditing involves using commands on your system and accessing log and journal information. You can create a special profile to be used by someone doing a security audit of your system. The auditor profile needs *AUDIT special authority to change the audit characteristics of the system. Some of the auditing tasks suggested in this chapter require a user profile with *ALLOBJ and *SECADM special authority. Set the password for the auditor profile to *NONE when the audit period has ended.
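
The auditor profile lifecycle described above, written as CL commands. This is an added example, not part of the original topic; the profile name AUDITOR, the text description, and the initial-password placeholder are assumptions.

```cl
/* Start of the audit period.                                        */
/* AUDITOR is a hypothetical profile name. Replace the placeholder   */
/* with an initial password that meets your password rules.          */
/* PWDEXP(*YES) forces a password change at first sign-on.           */
/* USRCLS(*USER) with an explicit SPCAUT grants only *AUDIT.         */
CRTUSRPRF  USRPRF(AUDITOR) PASSWORD(<initial-password>) +
             PWDEXP(*YES) USRCLS(*USER) SPCAUT(*AUDIT) +
             TEXT('Security auditor - audit period only')

/* Verify which special authorities the profile actually has.        */
DSPUSRPRF  USRPRF(AUDITOR) TYPE(*BASIC)

/* Tasks that need *ALLOBJ and *SECADM: widen the profile only for   */
/* as long as those tasks take, then return it to *AUDIT alone.      */
CHGUSRPRF  USRPRF(AUDITOR) SPCAUT(*AUDIT *ALLOBJ *SECADM)
CHGUSRPRF  USRPRF(AUDITOR) SPCAUT(*AUDIT)

/* End of the audit period: no one can sign on with this profile.    */
CHGUSRPRF  USRPRF(AUDITOR) PASSWORD(*NONE)
```

The trailing `+` is the CL continuation character used in CL source; when typing a command on a command line, enter it on one line instead.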