Obviously, the monitoring resources in an organization are limited, but you need to have a well-defined strategy to track the access and configuration of the organizations' most important resources. Regulatory compliance is one of the main targets of security audits. Furthermore, security audits help you to identify and minimize gaps in your security policies and detect uncommon behavior.
Think about the four main steps to configure auditing and deriving the results:
Identify the correct set of data and users to monitor
Create and apply appropriate audit policies
Collect and analyze audit events
Manage and monitor the policies that were created
Your security audit policy should include a minimum of the following items:
Protection of the organization's data and intellectual property
Regulatory requirements
Users (including employees such as FTE and PTE), vendors, contractors, partners, resellers, and customers
Client and server computers with applications and services running