Abstract. Many software tools exist for identifying specific and severe IT security threats (virus checkers, firewalls). It is more difficult to detect less severe and more general problems, such as the disclosure of sensitive or private data. In theory, security problems could be detected with existing tools, but the amount of information those tools provide is often overwhelming. Formal Concept Analysis (FCA) is a promising technology in this application area because it helps to reduce and explore data without prescribing from the start what is being searched for. This paper demonstrates the use of FCA for analysing Unix system data with respect to IT security monitoring.