6.4 Compare and contrast authentication, authorization, accounting and non-repudiation concepts.
📘CompTIA ITF+ (FC0-U61)
Accounting in IT Security
Accounting in IT is tracking what users do on a system. It’s sometimes called auditing. This is different from authentication (proving who you are) and authorization (what you are allowed to do). Accounting tells the organization what actions happened, when, and by whom.
The main purpose of accounting is:
- Security monitoring – Detect unusual activity.
- Troubleshooting – Find and fix errors or system problems.
- Compliance – Meet company rules or laws that require activity tracking.
- Accountability – Know who did what, to prevent misuse or mistakes.
1. Logs
- What it is: A log is a record of events on a computer, server, or network.
- Examples in IT:
- Login attempts (success or failure) on a server.
- Files accessed or modified on a shared drive.
- Errors from applications or the operating system.
- Security events like antivirus detecting malware.
- Why it matters: Logs help IT staff see who did what and when. For example, if a server crashes, logs can show which process or user caused the issue.
Key points for exams:
- Logs are automated records.
- They can be stored on the device or sent to a central logging system.
- Regular log review is important for security audits.
2. Tracking
- What it is: Monitoring user activity over time to see patterns or unusual behavior.
- Examples in IT:
- Monitoring network traffic to see which users are downloading large files.
- Tracking file changes on a cloud server to detect unauthorized modifications.
- Monitoring login locations to detect if someone accesses from an unusual country.
- Why it matters: Helps detect security threats early, such as hackers accessing accounts, or internal users performing unauthorized actions.
Key points for exams:
- Tracking can be continuous or on-demand.
- It often relies on logs, analytics, and monitoring tools.
3. Web Browser History
- What it is: A record of websites visited by a user in a browser.
- Examples in IT:
- IT admins checking browser history to ensure safe and productive use of company devices.
- Web filters using history to block harmful or non-work-related websites.
- Investigating phishing or malware incidents by seeing which websites were visited.
- Why it matters: Browser history is a type of accounting because it shows actions performed on the Internet, which can be used to investigate problems or prevent security issues.
Key points for exams:
- Browser history is a form of local tracking, usually stored on the device.
- It can be cleared, so for long-term auditing, centralized logging is preferred.
Summary Table for Accounting
| Concept | What It Does | Example in IT Environment |
|---|---|---|
| Logs | Records system events | Login attempts, file changes, error messages |
| Tracking | Monitors user or system activity over time | Network activity monitoring, login location tracking |
| Web Browser History | Shows websites visited | Reviewing visited URLs during phishing investigation |
Exam Tips
- Remember that accounting is about recording and monitoring actions, not controlling them (that’s authorization).
- Logs and tracking are essential for security, troubleshooting, and compliance.
- Browser history is just one type of activity record.
