A method for proactively enforcing security in a computer system is provided. A plurality of security modification rules is stored for a system. A set of conditions is associated with each security modification rule. Based on one or more audit records generated for the system, the system determines whether the set of conditions associated with any security modification rule has been satisfied. If the system determines that the set of conditions associated with a particular security modification rule has been satisfied, then the system performs an action that modifies one or more security parameters associated with the system, where the action is associated with the violated security modification rule.