Ensuring Accountability of Users within a System or Domain

The Importance of Ensuring User Accountability

Prev Question Next Question

Question

Which of the following best ensures accountability of users for the actions taken within a system or domain?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

Details: The only way to ensure accountability is if the subject is uniquely identified and authenticated.

Identification alone does not provide proof the user is who they claim to be.

After showing proper credentials, a user is authorized access to resources.

References: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 126).

Of the options presented, the best choice for ensuring accountability of users for actions taken within a system or domain is authentication.

Authentication is the process of verifying the identity of a user, device, or system. This process is essential for ensuring that the actions taken within a system or domain can be traced back to a specific user or entity.

Identification is the process of providing a username or identifier to a system, but this alone does not verify the identity of the user. Credentials, on the other hand, refer to the user's username and password, or other authentication factors such as a smart card or biometric identifier. While credentials are necessary for authentication, they do not ensure accountability on their own.

Authorization refers to the process of granting or denying access to specific resources or actions within a system. While this is an important aspect of security, it is not directly related to ensuring accountability for actions taken within a system or domain.

Therefore, authentication is the best choice for ensuring accountability of users for actions taken within a system or domain, as it verifies the user's identity and provides a means to trace actions back to a specific user or entity.