>> The third A in the AAA model refers to accounting.
>> AAA模型中的第三个A是审计。
Keeping track of users and their actions is very important.
跟踪用户及其行为非常重要。
From a forensics perspective, tracing back to events leadingup to a cybersecurity incident can prove very valuable to an investigation.
从取证学的角度来看,追溯导致网络安全事件的事件对调查非常有价值。
Predicting what disgruntled employees might be up to, for example, with a certain numberof failed login attempts to a server they are not authorizedto access is made possible by accounting.
通过审计可以预测心怀不满的员工可能会做什么,例如,在他们没有权限访问的服务器上登录失败的次数达到一定数量时。
A generic account for administrators or managers to share is not a very good idea.
管理员或管理员共享的通用帐户不是一个好主意。
The accounting can't tie actions to an individual.
会计不能把行为与个人联系起来。
The band The Police said it best, "Every move you make, I'll be watching you."
警察乐队说得最好:“你的一举一动,我都会看着你。”
Some companies that send employees on mandatory vacations claim they doso to avoid employee burnout; however when employee B stepsinto employee A's role while employee A is on the beach in Hawaii,employee B is performing checks and balances on employee A.
一些让员工强制休假的公司声称这样做是为了避免员工精疲力竭;但是,当员工B在夏威夷的海滩上扮演员工A的角色时,员工B正在对员工A进行检查和平衡。
Employee A could have been hidingor covering up log entries that are now able to be seen and revealed by employee Bwho is on the same level as employee A.
员工A可能一直在隐藏或掩盖日志条目,这些日志条目现在可以被与员工A处于同一级别的员工B看到和显示。
转载于:https://www.cnblogs.com/sec875/articles/10321251.html
相关资源:Cloud.Computing.Security.Foundations.and.Challenges