From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Accountability

- [Instructor] Over time, applications can generate a lot of traffic and activity. Every login, every form submission, and every search query represents someone doing something with the access that you've granted them. The question is, are they using that access appropriately? Your access controls are going to be largely preventative, designed to make sure that users can only do what they're supposed to do. Users are clever though, and so are criminals. If they find a way to do something that they should not be doing, then you need to be able to catch them in the act. There's an old Russian saying that speaks to this exact concern, "Doveryai, no proveryai." "Trust, but verify." We refer to this concept as accountability. It means that you're able to determine who did what within your app. It also means you know the exact date and time that they did. It sounds simple, right? Let's just say it's easier said than done. When it comes to accountability, you're going to live and die by your…
