Page 77 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
human associated with a specific user account was the actual entity controlling that user account when the undesired action took place. To have viable accountability, you may need to be able to support your security decisions and their implementation in a court of law. If you are unable to legally support your security efforts, then you will be unlikely to be able to hold a human accountable for actions linked to a user account. With only a password as authentication, there is significant room for doubt. Passwords are the least secure form of authentication, with dozens of different methods available to compromise them. However, with the use of multifactor authentication, such as a password, smartcard, and fingerprint scan in combination, there is very little possibility that any other human could have compromised the authentication process in order to impersonate the human responsible for the user account.
Legally Defensible Security
The point of security is to keep bad things from happening while supporting the occurrence of good things. When bad things do happen, organizations often desire assistance from law enforcement and the legal system for compensation. To obtain legal restitution, you must demonstrate that a crime was committed, that the suspect committed that crime, and that you took reasonable efforts to prevent the crime. This means your organization's security needs to be legally defensible. If you are unable to convince a court that your log files are accurate and that no person other than the subject could have committed the crime, you will not obtain restitution. Ultimately, this requires a complete security solution that has strong multifactor authentication techniques, solid authorization mechanisms, and impeccable auditing systems. Additionally, you must show that the organization complied with all applicable laws and regulations, that proper warnings and notifications were posted, that both logical and physical security were not otherwise compromised, and that there are no other possible reasonable interpretations of the electronic evidence. This is a fairly challenging standard to meet.
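The two technical ingredients this section leans on, audit records that can be shown not to have been altered and authentication that used more than one factor category, can be made concrete in a few lines. The following Python is an added illustration written for this page; it is not code from the study guide or from (ISC)². It keeps a keyed hash chain over audit records so that any edited, inserted or removed entry breaks verification at that point, and it classifies the factors recorded at login into the knowledge/possession/inherence categories the text's password, smartcard and fingerprint example spans. The key, the event records and the factor table are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed demo key. For a log to be defensible the key must not be
# available to the administrators whose actions the log records (e.g. it is
# held in an HSM or by an independent log-collection party).
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # digest "before" the first record

# Constructed mapping of factor names to the three classic categories.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "smartcard": "possession",
    "otp_token": "possession",
    "fingerprint": "inherence",
}

# Constructed sample events for the demonstration.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "user": "jdoe", "action": "login",
     "factors": ["password", "smartcard", "fingerprint"]},
    {"time": "2024-05-01T09:05:00Z", "user": "jdoe", "action": "delete_file",
     "object": "/finance/q1.xlsx"},
    {"time": "2024-05-01T09:07:00Z", "user": "asmith", "action": "login",
     "factors": ["password"]},
]


def _chain_digest(prev_digest, record):
    """HMAC over the previous digest plus a canonical encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, prev_digest.encode() + payload, hashlib.sha256).hexdigest()


def append_event(log, record):
    """Append a record, linking it to the digest of the previous entry."""
    prev = log[-1]["digest"] if log else GENESIS
    entry = {"record": record, "digest": _chain_digest(prev, record)}
    log.append(entry)
    return entry


def build_log(events):
    """Build a fresh hash-chained log from a list of event dicts."""
    log = []
    for event in events:
        append_event(log, dict(event))  # copy so callers' dicts stay untouched
    return log


def verify_log(log):
    """Return -1 if every link holds, else the index of the first broken entry."""
    prev = GENESIS
    for index, entry in enumerate(log):
        expected = _chain_digest(prev, entry["record"])
        if not hmac.compare_digest(expected, entry["digest"]):
            return index
        prev = entry["digest"]
    return -1


def is_multifactor(factors):
    """True only if the factors span at least two distinct categories.

    Two knowledge factors (password + PIN) are not multifactor; a password
    plus a smartcard, or plus a fingerprint, is.
    """
    categories = {FACTOR_CATEGORY.get(f) for f in factors} - {None}
    return len(categories) >= 2


if __name__ == "__main__":
    log = build_log(SAMPLE_EVENTS)
    print("intact log verifies:", verify_log(log) == -1)
    for entry in log:
        rec = entry["record"]
        if rec["action"] == "login":
            print(rec["user"], "multifactor:", is_multifactor(rec["factors"]))
    # Simulate an after-the-fact edit that shifts blame to another account.
    log[1]["record"]["user"] = "asmith"
    print("first broken entry after tampering:", verify_log(log))
```

The verification step is what an organization would rely on when asked to show that its logs are accurate: an auditor who holds the key can recompute the chain and point to the exact entry where it fails. The factor check illustrates why the text calls a lone password weak evidence; only a record showing factors from more than one category supports the claim that nobody but the account holder could have authenticated.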

