Page 1245 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
prevent modification or deletion.
Monitoring and Accountability
Monitoring is a necessary function to ensure that subjects (such as users and employees) can be held accountable for their actions and activities. Users claim an identity (such as with a username) and prove their identity (by authenticating), and audit trails record their activity while they are logged in. Monitoring and reviewing the audit trail logs provides accountability for these users.
This directly promotes positive user behavior and compliance with the organization’s security policy. Users who are aware that logs are recording their IT activities are less likely to try to circumvent security controls or to perform unauthorized or restricted activities.
Once a security policy violation or a breach occurs, the source of that violation should be determined. If it is possible to identify the individuals responsible, they should be held accountable based on the organization’s security policy. Severe cases can result in terminating employment or legal prosecution.
Legislation often requires specific monitoring and accountability practices. This includes laws such as the Sarbanes–Oxley Act of 2002, the Health Insurance Portability and Accountability Act (HIPAA), and European Union (EU) privacy laws that many organizations must abide by.
Monitoring Activity
Accountability is necessary at every level of business, from the frontline infantry to the high-level commanders overseeing daily operations. If you don’t monitor the actions and activities of users and their applications on a given system, you aren’t able to hold them accountable for mistakes or misdeeds they commit.
Consider Duane, a quality assurance supervisor for the data entry department at an oil-drilling data mining company. During his