What is the best audit recommendation for an IS auditor if DBAs can purge logs from the database server?

Prepare for the CISA Domain 4 Exam with tailored quizzes.

The most effective audit recommendation in this scenario is to centralize log storage so that DBAs do not have access. This approach reduces the risk associated with DBAs potentially purging logs, which are critical for audit trails, accountability, and forensic investigations. By ensuring that log files are stored in a centralized location where DBAs cannot alter or delete them, the integrity and availability of these logs are safeguarded.

Centralized log management not only enhances security by limiting access to sensitive log data but also facilitates easier auditing and monitoring, as logs can be reviewed independently of the database administrators. This independence is crucial in maintaining trust in the logging system and ensuring that compliance with policies and regulations is upheld.

While changing permissions to prevent DBAs from purging logs addresses the immediate concern, it does not eliminate the possibility of a DBA finding ways to manipulate permissions or using their access rights to bypass controls. Backing up database logs to tape is a good practice for data recovery, but it does not prevent the risk of critical logs being deleted before they can be backed up. Requiring formal approval for critical changes, while important for management controls, does not directly address the issue of log purging. Thus, centralizing log storage is the most comprehensive and effective recommendation in
