SSCP Exam: System Accountability


Question

Which of the following is needed for System Accountability?

Answers

A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

Explanations

Correct answer: A.

Audit mechanisms are a means of being able to track user actions.

Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed.

Accountability is the ability to identify users and to be able to track user actions.

The following answers are incorrect:

Documented design as laid out in the Common Criteria is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.

Authorization is incorrect because Authorization is granting access to subjects; just because you have authorization does not hold the subject accountable for their actions.

Formal verification of system design is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.

References: OIG CBK Glossary (page 778)

System accountability is the ability to track and assign responsibility for actions taken by a computer system. It ensures that the system is functioning correctly and that users are acting appropriately. To achieve system accountability, several measures need to be taken, such as audit mechanisms, documented design, authorization, and formal verification of system design.

Out of the given options, the most crucial factor needed for system accountability is audit mechanisms (Option A). Audit mechanisms enable system administrators to monitor and track user activity, identify security breaches, and assess system performance. By examining audit logs, administrators can reconstruct past events and identify any actions that violate the system's policies.

Documented design, as laid out in the Common Criteria (Option B), is a standard for evaluating the security of information technology products. It is a set of guidelines used to ensure that products meet specific security requirements. While a documented design can help ensure that a system is secure, it is not essential for achieving system accountability.

Authorization (Option C) is a process of granting or denying access to specific resources. It ensures that only authorized users have access to the system and its resources. Authorization is a crucial component of a security system, but it alone does not guarantee system accountability.

Formal verification of system design (Option D) is a process of mathematically proving that a system's design meets its specification. Formal verification can help ensure that a system is functioning correctly, but it is not essential for achieving system accountability.

In conclusion, out of the given options, audit mechanisms are the most critical factor needed for system accountability. While the other options can help ensure a system's security, they are not essential for achieving system accountability.