Setting Up Security Control > Monitoring System Security
  
Monitoring System Security
Particularly in environments where security procedures are subject to regulatory controls, system administrators need methods of tracking security-related events.
The system provides automatic features to help administrators control and monitor security activities:
Based on settings in Security Control, users who enter an incorrect user ID/password combination more than a specified number of times are automatically locked out of the system. They can use their user ID again only after the system administrator has reenabled it.
When an account is disabled, the e-mail system can automatically notify system users that have been assigned an administrator role. This serves two purposes:
In cases where the user simply forgot a password or mistyped it repeatedly, the administrator can quickly restore access.
The administrator knows immediately if an unauthorized user is attempting to access the system with a known user ID. This lets the administrator take appropriate steps such as immediately requiring all users to change their passwords. Force Password Change Utility (36.3.23.12) lets the administrator force users to update their passwords based on role, domain, and/or the date of the last change.
Depending on the level of login history specified in Security Control, use Logon Attempt Report (36.3.23.1) to track when login attempts take place. This could be useful, for example, to track specific times when unauthorized users are attempting to access the system. The report shows such information as the user ID of the person who attempted the login, as well as the date, time, server time zone, and other data relevant to the login event. (If you are using electronic signatures, E‑Signature Failure Report (36.12.7) lets you monitor unsuccessful signature events.)
Example: You can set up batch processing to run this program each morning to identify all failed login attempts on the previous day.
Each time a user account is enabled or disabled, the Enabled Reason field in User Maintenance must be updated. This happens automatically when an account is disabled as a result of excess unsuccessful login attempts. Otherwise, the administrator must enter a reason code manually.