The integrity and reliability of Security Incident investigations is greatly strengthened if your information systems are monitored and audited regularly.

• A data owner may inadvertently allow modifications of audit trails to be carried out by members of staff, thus hindering Information Security incident investigations.

• Ensure that the responsibility for Information Security auditing and monitoring is not with the owner of the data or system under review.
• Ensure that all audit logs are held in a secure location under strong access control.
• Ensure that the sign off for the closure of an Information Security incident is countersigned by the data owner and Information Security Officer.
• Ensure that the procedures used to handle Information Security incidents include investigation of any potential backdoor access being created or used.
• See also Combating Cyber Crime and Complying with Legal Obligations.