Accountability

Accountability can be achieved by auditing the audit trail to trace an activity uniquely to an entity.
Logs are the work product of accounting.
Audit trail refers to a set of correlated logs.
Auditing is the process of reviewing or examining logs.

Accountability is “the security objective that generates the requirement for actions of an entity to be traced uniquely to that entity.” (NIST SP 800-33)

Accountability is about “tracing the activity to an entity uniquely.” It doesn’t matter whether or not a subject is authorized to access an object. Unauthorized access is logged as well. A subject can be held accountable for unauthorized access.
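The following is an added example, not part of the original post: it correlates two logs into an audit trail and then audits it, showing that a denied request is still attributed to its subject and that an event is flagged when it cannot be traced to exactly one entity. The log sources, field names and records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records from two hypothetical sources (not from the original page).
AUTH_LOG = [  # session id -> authenticated user
    {"ts": "2024-01-15T09:00:01Z", "session": "s1", "user": "alice"},
    {"ts": "2024-01-15T09:02:10Z", "session": "s2", "user": "bob"},
    {"ts": "2024-01-15T09:03:00Z", "session": "s3", "user": "carol"},
    {"ts": "2024-01-15T09:03:30Z", "session": "s3", "user": "dave"},  # session reused by two users
]
ACCESS_LOG = [  # allowed and denied requests are both recorded
    {"ts": "2024-01-15T09:05:00Z", "session": "s1", "object": "/hr/payroll", "decision": "allow"},
    {"ts": "2024-01-15T09:06:00Z", "session": "s2", "object": "/hr/payroll", "decision": "deny"},
    {"ts": "2024-01-15T09:07:00Z", "session": "s3", "object": "/hr/payroll", "decision": "allow"},
    {"ts": "2024-01-15T09:08:00Z", "session": "s9", "object": "/hr/payroll", "decision": "allow"},
]

def build_audit_trail(auth_log, access_log):
    """Correlate both logs by session id into a per-entity audit trail."""
    users_by_session = defaultdict(set)
    for rec in auth_log:
        users_by_session[rec["session"]].add(rec["user"])
    trail, untraceable = defaultdict(list), []
    for event in sorted(access_log, key=lambda e: e["ts"]):
        users = users_by_session.get(event["session"], set())
        if len(users) == 1:           # exactly one entity: uniquely traceable
            trail[next(iter(users))].append(event)
        else:                         # unknown or shared session: no unique entity
            untraceable.append(event)
    return dict(trail), untraceable

def audit(trail, untraceable):
    """Review the trail and return (entity, finding, object) tuples."""
    findings = []
    for user, events in trail.items():
        for event in events:
            if event["decision"] == "deny":
                findings.append((user, "unauthorized access attempt", event["object"]))
    for event in untraceable:
        findings.append((None, "not traceable to a unique entity", event["object"]))
    return findings

if __name__ == "__main__":
    trail, untraceable = build_audit_trail(AUTH_LOG, ACCESS_LOG)
    for finding in audit(trail, untraceable):
        print(finding)
```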
