A.3. Accountability Concerns

Accountability is the process of holding individuals responsible for their actions. In the IT world, we want to hold employees accountable for the actions of their user accounts. To do this, the entire accountability process must be supportable in a court of law. The ultimate test of how well your security works is whether you are able to criminally prosecute someone because of your organization's strong accountability infrastructure. That infrastructure must be explainable and provable to a jury so that no reasonable doubt remains about its reliability. If a defense attorney can reveal a weakness in your accountability infrastructure, then evidence that a user account performed illegal actions may not be sufficient to prove that a specific human was controlling that user account at that time.

There are five steps of accountability:

  1. Identification

  2. Authentication

  3. Authorization

  4. Auditing

  5. Accountability

Of these five, authorization appears repeatedly throughout this appendix because so many mechanisms and methodologies exist to govern the granting and restricting of access to resources.
