To secure a network, it is important to identify the normal operating parameters so that you can recognize atypical variations from this baseline operational level. The first step toward minimizing the potential damage that may result from unauthorized access attempts is the detection and identification of an unauthorized intrusion. Intrusion detection requires a detailed understanding of all operational aspects of the network, along with a means to identify variations and bring these changes to the attention of the proper responsible parties. Auditing is done to protect the validity and reliability of organizational information and systems. As a security professional, you can audit a vast amount of data. Auditing can create a large repository of information that has to be filtered through.