Accountability
In identity and access management, accountability aspects play a major role in establishing preventative, detective, and corrective controls to access control attacks. Accountability, in simple terms, can be defined as monitoring activities of the authorized user. In other words, it is used for ensuring that the authorized users access the systems and perform activities for legitimate purposes.
When an attacker compromises a system, then the primary step for such an attack would be escalating privileges to get an authorized administrator level of access. Hence, it is important to establish strong accountability mechanisms to mitigate privilege-escalation attacks. Similarly, accountability measures provide audit data to validate available identity and access management controls and improve them.
Some of the common accountability measures in this domain are as follows:
- Logging
- System monitoring
- Session recording
- Keystroke monitoring
- Auditing