Accounting
Accounting is about keeping track of who, what, where, when, why, and how. It is the process of monitoring, recording, and auditing everything in your organization. By keeping track of who accessed what data, where and when they accessed it, why they accessed it, and how they accessed it, you will be more aware of and in tune with what is happening (good or bad) in and around your organization. For a security professional, this is one of the most important A’s of AAA, yet many fail to implement an appropriate level of accounting, or, if they do, they are overwhelmed by it and fail to continually follow up on what needs to be done with the collected information.
Accounting generates a lot of logs, and those logs are your window into what is happening within and around your network and resources. Having a security information and event management (SIEM) solution as well as a security orchestration, automation, and response (SOAR) tool will help you stay in the loop and focused on continually monitoring and protecting your network. A SIEM solution helps you collect, consolidate, and correlate logs, and notifies you about abnormalities/threats in the logs that breach established policies. A SOAR tool helps you automate responses and reduce the amount of human intervention needed when an abnormality/threat has been detected.
For example, say that your SIEM solution collects, consolidates, and correlates logs and notifies you, but you have to react and respond manually. From the moment of notification to the successful completion of the response, a significant amount of time may be lost. With the help of a SOAR tool, you might have scripts, or the help of artificial intelligence (AI) and machine learning (ML), respond to the notifications and threats immediately, without human intervention.
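The collect, consolidate, correlate, notify, and respond flow described above, as an added example that is not from the original text: a small Python sketch run over constructed log records. The record layout, the policy (three failed logins followed by a success within five minutes), and the `disable_account` callback are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from two sources (not real logs).
VPN_LOG = [
    "2024-05-01T09:00:05 vpn jsmith 203.0.113.7 login FAIL",
    "2024-05-01T09:00:20 vpn jsmith 203.0.113.7 login FAIL",
    "2024-05-01T09:00:41 vpn jsmith 203.0.113.7 login FAIL",
    "2024-05-01T09:10:00 vpn adoe 198.51.100.4 login OK",
]
FILE_LOG = [
    "2024-05-01T09:01:10 fileserver jsmith 203.0.113.7 login OK",
    "2024-05-01T09:01:30 fileserver jsmith 203.0.113.7 read /finance/payroll.xlsx",
]
WINDOW = timedelta(minutes=5)   # assumed policy window
MAX_FAILS = 3                   # assumed policy threshold

def parse(line):
    """Turn one line into an accounting record: when, where, who, from, what, how."""
    when, where, who, src, action, detail = line.split(maxsplit=5)
    return {"when": datetime.fromisoformat(when), "where": where, "who": who,
            "src": src, "action": action, "detail": detail}

def consolidate(*sources):
    """SIEM step: merge every source into one time-ordered stream."""
    return sorted((parse(l) for s in sources for l in s), key=lambda r: r["when"])

def correlate(records):
    """SIEM step: flag users with MAX_FAILS failures then a success inside WINDOW."""
    fails, alerts = defaultdict(list), []
    for r in records:
        if r["action"] != "login":
            continue
        recent = [t for t in fails[r["who"]] if r["when"] - t <= WINDOW]
        if r["detail"] == "FAIL":
            fails[r["who"]] = recent + [r["when"]]
        elif len(recent) >= MAX_FAILS:
            alerts.append({"who": r["who"], "src": r["src"], "when": r["when"]})
            fails[r["who"]] = []
    return alerts

def respond(alerts, disable_account):
    """SOAR step: run the playbook action for each alert without waiting for a person."""
    return [disable_account(a["who"]) for a in alerts]

if __name__ == "__main__":
    disabled = respond(correlate(consolidate(VPN_LOG, FILE_LOG)),
                       lambda user: f"disabled {user}")
    print(disabled)
```

Neither source shows the pattern on its own: the failures sit in the VPN log and the successful login in the file server log, so the alert only appears once the two are consolidated.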