Is…
- Who did it?
- Do we have Non-repudiation?
- What are legal consequences?
- How shall we secure the systems?
- Who is accountable?
Provides:
- integrity and assurance,
- authenticity..
Enforced via:
- audit trails & logs,
- design, governance and policy,
- standards*,
- RACI matrix..
*standards should include [internal] Minimal Security Baseline (MSB) with influences of vendor best practices, external standards, directives, etc.