Which of the following BEST ensures accountability of users for the actions taken within a system or domain?

A.
Identification

B.
Authentication

C.
Authorization

D.
Credentials

Explanation:
Identification and authentication are the keystones of most access control systems. Identification is the act of a
user professing an identity to a system, usually in the form of a log-on ID to the system. Identification
establishes user accountability for the actions on the system. Authentication is verification that the user’s
claimed identity is valid and is usually implemented through a user password at log-on time.
To ‘ensure’ accountability, the user must prove that they are who they say they are. This is the function of
authentication. Therefore, authentication best ensures accountability of users for the actions taken within a
system or domain.
Incorrect Answers:
A: Identification is the user saying who they are. However, to ensure accountability, you need authentication to
prove that they are who they say they are.
C: Authorization is the rights and permissions granted to an individual which enable access to a computer
resource. This does not ensure accountability because it does not ensure that the user accessing the system is
who they say they are.
D: Credentials are the user’s username and password combination. However, authentication is the process of
validating the credentials. Credentials alone (without validation/authentication) do not ensure that the user
accessing the system is who they say they are.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 57