Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
A. B. C. D.
Answer: A.
Of the options given, the finding of greatest concern to an IS auditor performing an information security audit of critical server log management activities is A: log records can be overwritten before being reviewed.
Server logs are a critical component of information security because they contain important information about system and network activity. They are used to monitor security incidents, track user activity, and identify potential security threats. It is therefore crucial that log records are properly managed to ensure their integrity, confidentiality, and availability.
If log records can be overwritten before being reviewed, this could result in important security events being lost, making it difficult or impossible to investigate security incidents or identify potential security threats. This could compromise the confidentiality, integrity, and availability of the system and the data it contains.
Option B, insufficiently documented logging procedures, is also a concern as it could lead to inconsistencies or errors in the logging process, making it difficult to properly monitor and investigate security incidents. However, it is not as critical as the risk of overwritten log records.
Option C, dynamically routing log records to different servers, could be a concern if it results in a lack of centralized logging, making it difficult to monitor system and network activity. However, if the logs are properly managed and secured, this would not necessarily be a significant risk to information security.
Option D, monitoring logs using manual processes, is also a concern as it can lead to inconsistencies and errors in log monitoring. However, if manual processes are properly documented and controlled, they may still be effective in ensuring the integrity, confidentiality, and availability of log records.