Difference between revisions of "Category:Accountability"

From OWASP
 
 
Line 6: Line 6:
  
 
[[Category:OWASP CLASP Project]]
 
[[Category:OWASP CLASP Project]]
 +
[[Category:Business Impact Factors]]

Latest revision as of 08:18, 3 June 2006


Accountability

Users of a system should generally be accountable for the actions they perform. In practice, this means that systems should log information on operations that could potentially require review. For example, financial transactions must always be tracked in order to abide by Sarbanes-Oxley regulations. For logs to support accountability, they should generally be difficult to forge. A message authentication scheme achieves this: it protects the integrity of the logs by authenticating the entity that performed the logging.
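One way to apply the message authentication scheme described above, as an added example that is not part of the original page or of any OWASP code: each log entry carries an HMAC-SHA256 tag computed with the logging entity's key over the entry and the previous entry's tag. The function names, field names, logger ID and key are assumptions made for illustration, and the sample entries are constructed.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain start value (assumption of this example)

def _tag(key, prev_tag, record):
    # MAC covers the previous tag plus a canonical encoding of the record,
    # so editing, reordering or removing an earlier entry breaks the chain.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

def append_entry(log, key, logger_id, user, action):
    """Append an authenticated entry; logger_id names the logging entity."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    record = {"seq": len(log), "logger": logger_id, "user": user, "action": action}
    entry = dict(record, tag=_tag(key, prev, record).hex())
    log.append(entry)
    return entry

def verify_log(log, keys):
    """Return the index of the first entry that fails, or -1 if all verify.

    keys maps logger id -> secret key. A symmetric MAC authenticates the
    logger only to parties holding that key, so the key must be kept away
    from the users whose actions are logged. Truncation of the tail is not
    detected unless the latest tag is also stored somewhere else.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "tag"}
        key = keys.get(record.get("logger"))
        if key is None or record.get("seq") != i:
            return i
        expected = _tag(key, prev, record)
        try:
            got = bytes.fromhex(str(entry.get("tag", "")))
        except ValueError:
            return i
        if not hmac.compare_digest(expected, got):  # constant-time compare
            return i
        prev = expected
    return -1

def demo():
    keys = {"app-01": b"constructed-demo-key"}  # constructed sample key
    log = []
    for user, action in [("alice", "transfer 100.00"), ("bob", "approve transfer"),
                         ("alice", "logout")]:
        append_entry(log, keys["app-01"], "app-01", user, action)
    intact = verify_log(log, keys)
    log[1]["user"] = "mallory"  # simulated after-the-fact edit
    return intact, verify_log(log, keys)
```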

This category currently contains no pages or media.