Why should user IDs be included in data captured by auditing procedures?

A.
Shows what files were attacked

B.
Establishes individual accountability

C.
Needed to detect a denial-of-service attack

D.
Activates corrective measures

Explanation:
For auditing purposes the procedure should capture user ID, time of
event, type of event, and source workstation. User ID makes individuals accountable
for their actions.