The process that tracks the activities of users and records selected types of events in the security log.
The process for determining the extent which policy, procedure, standards and practice combine to provide a safe and secure institutional environment. 21