Accounting
(OBJ 1.2)
Accounting definition
- Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
- It's about monitoring and logging any action that a user performs in the system
Common accounting actions:
- Logging into the system
- Accessing files
- Modifying configuration settings
- Downloading uninstalled software
- Attempting unauthorized actions on systems and networks
Reasons for accounting
Your organization should use a robust accounting system so that you can do the following:
- Create an audit trail
  - Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
- Maintain regulatory compliance
  - Maintains a comprehensive record of all users' activities
- Conduct forensic analysis
  - Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
- Perform resource optimization
  - Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
- Achieve user accountability
  - A thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies
Technologies to perform accounting
- Syslog Servers
  - Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems
- Network Analysis Tools (e.g., Network Analyzers)
  - Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
- Security Information and Event Management (SIEM) Systems
  - Provide real-time analysis of security alerts generated by the various hardware and software infrastructure in an organization
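An added example (not part of the original notes) of how logs aggregated on a syslog server become the chronological audit trail described above: lines from several devices are normalized to UTC before sorting, because arrival order and local offsets differ between hosts. The RFC 5424-style sample lines, the `key=value` message body, and all host and user names are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed lines as a syslog server might receive them from three devices.
# Arrival order differs from event order; the key=value body is an assumed convention.
SAMPLE_LINES = [
    "<86>1 2024-05-01T09:15:02+02:00 fw01 authd 311 - - user=bob action=config_change target=acl-12 outcome=success",
    "<86>1 2024-05-01T07:02:10Z web01 sshd 2210 - - user=alice action=login target=web01 outcome=success",
    "<85>1 2024-05-01T03:05:45-04:00 fs01 smbd 87 - - user=alice action=file_access target=/finance/q1.xlsx outcome=denied",
    "<86>1 2024-05-01T07:01:00Z fw01 authd 309 - - user=bob action=login target=fw01 outcome=success",
    "malformed line without a syslog header",
]
HEADER = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) (\S+) \S+ \S+ (?:-|\[.*?\]) (.*)$")

def parse_line(line):
    """Return one accounting record, or None if the line cannot be used."""
    m = HEADER.match(line)
    if not m:
        return None
    stamp, host, app, msg = m.groups()
    try:
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    except ValueError:
        return None
    if when.tzinfo is None:
        return None  # no UTC offset: cannot be placed on a shared timeline
    fields = dict(p.split("=", 1) for p in msg.split() if "=" in p)
    if "user" not in fields or "action" not in fields:
        return None  # accounting needs to know who did what
    return {"time": when.astimezone(timezone.utc), "host": host, "app": app, **fields}

def build_audit_trail(lines):
    """Merge lines from all devices into one UTC-ordered trail; count rejects."""
    parsed = [parse_line(line) for line in lines]
    records = sorted((r for r in parsed if r is not None), key=lambda r: r["time"])
    return records, len(parsed) - len(records)

def denied_actions(trail):
    """Records of attempted actions that the system refused."""
    return [r for r in trail if r.get("outcome") == "denied"]

if __name__ == "__main__":
    trail, rejected = build_audit_trail(SAMPLE_LINES)
    for r in trail:
        print(r["time"].isoformat(), r["host"], r["user"], r["action"], r.get("target"), r.get("outcome"))
    print("unparsed lines:", rejected)
```

The count of rejected lines is returned rather than dropped silently, since gaps in the record weaken the audit trail.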