When you’ve successfully gone through the identification, authentication, and authorization processes (or even while you’re still completing them), you need to keep track of the activities taking place in your organization. Even after you’ve allowed a party access to your resources, you still need to ensure that they behave in accordance with your rules, particularly those relating to security, business conduct, and ethics. Essentially, you need to make sure you can hold users of your systems accountable (Figure 4-1).

Figure 4-1: You should always hold users accountable.

Holding someone accountable means making sure ...

Get Foundations of Information Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.