Security-related system activity is recorded in an audit trail, which you can use to detect system penetration and resource abuse.
By examining the audit trail, the system security officer can inspect patterns of access to objects in databases and can monitor the activity of specific users. Audit records can be traced to specific users, enabling the audit system to act as a deterrent to users who are attempting to misuse the system.
A system security officer manages the audit system and is the only user who can start and stop auditing, set up auditing options, and process audit data.