Saturday, March 21, 2009

81. AUTHORIZATION & ACCOUNTABILITY

Authorization applies to subjects rather than to users (the association between a user and the subjects initially controlled by that user having been determined by I&A). Authorization determines what a subject can do on the system. Most modern operating systems define sets of permissions that are variations or extensions of three basic types of access:


Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix systems, the 'execute' permission doubles as a 'traverse directory' permission when granted for a directory.)

These rights and permissions are implemented differently in systems based on discretionary access control (DAC) and mandatory access control (MAC).

Accountability

Accountability uses such system components as audit trails (records) and logs to associate a subject with its actions. The information recorded should be sufficient to map the subject to a controlling user. Audit trails and logs are important for:


Detecting security violations
Re-creating security incidents

If no one is regularly reviewing your logs and they are not maintained in a secure and consistent manner, they may not be admissible as evidence.

Many systems can generate automated reports based on certain predefined criteria or thresholds, known as clipping levels. For example, a clipping level may be set to generate a report for the following:


More than three failed logon attempts in a given period
Any attempt to use a disabled user account

These reports help a system administrator or security administrator to more easily identify possible break-in attempts.

Where you are, for example inside or outside a company firewall, or proximity of login location to a personal GPS device.
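The two clipping levels named above (more than three failed logons in a given period, and any use of a disabled account) can be applied to audit records as in the following added example, which is not part of the original post. The record layout, the event names, the 10-minute period and the account names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T = datetime.fromisoformat

# Constructed sample audit records: (timestamp, account, event).
SAMPLE_EVENTS = [
    (T("2009-03-21T09:00:00"), "alice", "LOGON_FAILURE"),
    (T("2009-03-21T09:00:00"), "bob", "LOGON_FAILURE"),
    (T("2009-03-21T09:02:00"), "alice", "LOGON_FAILURE"),
    (T("2009-03-21T09:03:00"), "alice", "LOGON_FAILURE"),
    (T("2009-03-21T09:05:00"), "alice", "LOGON_FAILURE"),
    (T("2009-03-21T09:10:00"), "alice", "LOGON_SUCCESS"),
    (T("2009-03-21T09:20:00"), "bob", "LOGON_FAILURE"),
    (T("2009-03-21T09:30:00"), "jdoe_old", "LOGON_FAILURE"),
    (T("2009-03-21T09:40:00"), "bob", "LOGON_FAILURE"),
    (T("2009-03-21T10:00:00"), "bob", "LOGON_FAILURE"),
]
DISABLED_ACCOUNTS = {"jdoe_old"}   # assumed list of disabled accounts
MAX_FAILURES = 3                   # report on MORE than three failures...
WINDOW = timedelta(minutes=10)     # ...within this period (assumed value)


def clipping_report(events, disabled=DISABLED_ACCOUNTS,
                    max_failures=MAX_FAILURES, window=WINDOW):
    """Return (timestamp, account, reason) for each clipping-level hit."""
    recent = defaultdict(deque)    # account -> failure times inside window
    report = []
    for ts, account, event in sorted(events):
        if account in disabled:
            # Any attempt on a disabled account is reported, success or not.
            report.append((ts, account, "disabled account used"))
            continue
        if event != "LOGON_FAILURE":
            continue
        failures = recent[account]
        failures.append(ts)
        while ts - failures[0] > window:   # drop failures older than window
            failures.popleft()
        if len(failures) > max_failures:
            report.append((ts, account, "failed-logon threshold exceeded"))
            failures.clear()               # one report per burst
    return report


if __name__ == "__main__":
    for ts, account, reason in clipping_report(SAMPLE_EVENTS):
        print(ts.isoformat(), account, reason)
```

Each report row carries the account name and timestamp, so the record still maps the subject back to a controlling user as the accountability paragraph requires.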
