Lectures


Security: Security is a broad concept that refers to protecting systems, assets, and individuals from unauthorized
access, damage, or harm. It can apply to physical, digital, and even human resources.

Example: Security measures in a building could include locks, surveillance cameras, and security personnel to
prevent unauthorized physical access.

Network Security: Network security specifically deals with protecting the integrity, confidentiality, and availability of
data as it travels through or is stored in a network. It involves protocols, tools, and techniques designed to protect
networks from cyberattacks, unauthorized access, misuse, or theft.

Example: Using firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs) to protect data traffic
on an organization's network from hackers or malware.
Information Security (InfoSec): Information security focuses on protecting data, whether in digital, physical, or
other formats. It aims to safeguard the confidentiality, integrity, and availability (CIA triad) of information from
unauthorized access, use, disclosure, disruption, or destruction.

Example: Encrypting sensitive data, like customer records in a database, and using access control measures to
ensure only authorized personnel can view or modify that data.

Key Differences:

Scope:
• Security is the broadest term and can include physical, digital, human, and organizational aspects.

• Network security focuses on the digital and physical protection of data moving through or stored on
networks.

• Information security encompasses protecting data itself, whether on a network, in a physical file, or
within a software system.

Application:
• Security applies to both the physical and digital realm.

• Network security is confined to protecting computer networks and data communication systems.

• Information security focuses on safeguarding information across all storage mediums and
platforms.
Information security models are frameworks that provide structured guidelines to ensure the security of
information systems by outlining rules and policies that dictate how data should be accessed, managed, and
protected.

These models are based on the principles of confidentiality, integrity, and availability (CIA), which are the pillars of
information security.

Confidentiality - No read up, no write down (the Bell-LaPadula rules). Ensures that sensitive information is
accessible only to those who are authorized to access it.

Integrity - No write up, no read down (the Biba rules). Ensures that information remains accurate, consistent,
and trustworthy over its entire lifecycle.

Availability- Ensuring that information and resources are accessible and usable when needed.
CIA Principle | Attack Type | Description
Confidentiality | Eavesdropping, Traffic Analysis | Unauthorized access to sensitive information
Integrity | Modification, Masquerading, Replay Attacks, Repudiation | Unauthorized modification or corruption of data
Availability | DoS, DDoS | Disruption of access to resources or services
In cybersecurity, attacks on systems are generally categorized into passive and active attacks, based on the
attacker’s actions and the intended effects on the system. Here’s a breakdown of these two categories:

Passive Attacks
In passive attacks, the attacker’s goal is to observe, intercept, or listen to the communications or data without
altering the system or its operations. These attacks are hard to detect because they do not involve any
modification of the data, just monitoring.

Active Attacks
In active attacks, the attacker modifies, disrupts, or destroys the communication or system resources, making
them more harmful and easier to detect. These attacks often involve breaking into a system or network, altering
the data or systems in a way that impacts their normal functioning.
Category | Passive Attacks | Active Attacks
Definition | The attacker intercepts or observes data without altering it or disrupting the system. | The attacker modifies, disrupts, or manipulates data or system resources.
Primary Goal | Information gathering (confidentiality breach). | Disruption of operations, unauthorized access, or data manipulation.
Impact | No direct alteration of data or system operations. | Direct alteration of data, interruption of services, or system damage.
Detection | Difficult to detect due to non-intrusive nature. | Easier to detect due to its disruptive actions.
Examples | Eavesdropping (Interception); Traffic Analysis | Man-in-the-Middle (MITM); Denial of Service (DoS); Distributed Denial of Service (DDoS); Masquerading (Spoofing); Replay Attacks; Message Modification; Session Hijacking
Objective | To gather intelligence for future use. | To disrupt, damage, or manipulate systems or data.
Typical Attacks On | Confidentiality (keeping information secret). | Integrity and availability (trustworthiness and accessibility of data/systems).
Vulnerabilities are weaknesses that can be exploited by threats. A vulnerability is a weakness or flaw in a
system, application, or network that could be exploited by a threat to cause harm or unauthorized access. It
refers to a gap in security that leaves a system exposed to attacks.

Examples:
A software bug that allows attackers to gain unauthorized access (e.g., buffer overflow).
Weak passwords used by users for logging into systems.
Improper access controls allowing unauthorized users to access sensitive data.
Threats are potential causes of harm. A threat is any potential danger that could exploit a vulnerability to
harm or compromise an asset (such as data, systems, or networks). It refers to something that has the
potential to cause damage or unauthorized access.

Examples:
A hacker attempting to breach a system's defenses.
Malware infecting a computer network.
A power outage disrupting system availability.
A phishing attack to steal credentials.
Risk is the potential for loss or damage, determined by the likelihood of a threat exploiting a vulnerability and the
severity of the resulting damage.
• Understanding these concepts is critical in prioritizing security measures and managing overall security
effectively.
• Risk is the likelihood or probability that a threat will exploit a vulnerability, leading to a potential loss or
impact.
• It is a measure of the potential impact on an asset if a threat successfully exploits a vulnerability.
• Risk takes into account both the probability of an attack and the consequences of that attack.
What is Identification?

Identification is the process of asserting who someone is or what something is.

It answers the question: "Who are you?"

Example:
A user enters a username when logging into a website. The system identifies the user as "User123," but it hasn’t
verified their identity yet.

Key Concepts:
Unique Identifiers: Username, Email ID, Employee ID, etc.
Purpose: To assign identity to a user or device within a system.
What is Authentication?

Authentication is the process of verifying that an individual or entity is who they claim to be.

It answers the question: "Are you who you say you are?"

Example:
After entering a username, the user provides a password. The system checks if the password matches the
one linked to "User123," confirming the user's identity.

Key Concepts:
Verifying the credentials provided during identification.
Ensures the security of resources and data access.
Key Differences: Identification vs. Authentication

Identification:
• Establishes identity.
• Simple assertion, not verified.
• Example: Providing a username.

Authentication:
• Validates the identity.
• Verification process using credentials.
• Example: Providing a password to validate the username.
Need for Authentication and Identification
Falsifying identification refers to the act of creating, altering, or using false information or documents to
misrepresent one's identity or the identity of another person.

This is typically done with malicious intent, such as gaining unauthorized access to systems, evading law
enforcement, or committing fraud.

1. Fake Documents

Example: Creating counterfeit identification cards, passports, or driver’s licenses to impersonate someone or
to construct a completely fictitious identity.

Use Case: A criminal creates a fake passport to cross international borders or open a bank account under a
false name.
2. Stolen Identity

Example: Using someone else's personal information (such as Social Security Number, name, or address)
to impersonate them.

Use Case: A hacker steals an individual’s identity and uses it to apply for credit cards, loans, or other
services in their name.

3. Falsified Credentials

Example: Using false academic or professional qualifications to gain employment or secure contracts.

Use Case: An individual creates a fake university degree to qualify for a job they are not actually qualified
for.
4. Phishing or Social Engineering

Example: Manipulating someone into providing their identification information, which is then used to falsify
their identity.

Use Case: A cybercriminal sends a fake email posing as a bank and tricks the recipient into giving their login
credentials, which are then used to steal their identity.

5. Biometric Spoofing

Example: Using fake fingerprints, facial masks, or other techniques to fool biometric scanners and gain
access to systems or physical locations.

Use Case: A hacker creates a fake fingerprint mold to gain access to a building that uses fingerprint-based
authentication.
Implications of Falsifying Identification:

Security Threat: Falsifying identification can lead to unauthorized access to sensitive systems, data breaches,
and financial losses.

Legal Consequences: It is illegal in most jurisdictions and can result in heavy penalties, including fines and
imprisonment.

Fraud: Commonly used in fraud schemes, where individuals assume a false identity to deceive businesses,
banks, or government institutions.
Authentication Methods

Types of Authentication:

• Knowledge-Based (Something you know)
  • Example: Password or PIN. When logging into a bank's website, users input their password to prove
    their identity.

• Possession-Based (Something you have)
  • Example: Smartcards or One-Time Password (OTP). When using online banking, users might receive
    an OTP on their phone, which they enter to complete their login.

• Inherence-Based (Something you are)
  • Example: Fingerprint or Facial Recognition. Modern smartphones allow users to unlock their devices
    using biometric data.

• Location-Based (Somewhere you are)
  • Example: GPS Location or IP Address. Some services check if you're logging in from an unfamiliar
    location and may trigger additional security checks.

Based on the number of factors:
• Single-Factor Authentication
• Multi-Factor Authentication
Multi-Factor Authentication (MFA)
MFA is the use of two or more independent factors (e.g., knowledge, possession, inherence) to verify a user’s
identity.

Common MFA Examples:

• Banking Applications: Logging in requires both a password (knowledge) and an OTP sent to your phone
(possession).
• Corporate Login: Accessing a company’s internal network may require both a password and a
fingerprint scan (biometrics).

Benefits:
• Increased Security: Combining multiple factors reduces the risk of compromised access.
• Real-World Example: MFA helps prevent account breaches, as seen in large-scale attacks like those on
Yahoo or Twitter, where single-factor authentication (passwords alone) was easily bypassed.
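The banking example above (password as the knowledge factor, OTP as the possession factor), together with the identification-then-authentication sequence described earlier, as an added Python example that is not part of the lecture. The OTP is a standard TOTP (RFC 6238) computed from a shared secret; the user record, secret and window size are constructed for the demonstration.

```python
"""Two-factor login: something you know (password) plus something you have
(a TOTP device sharing a secret with the server)."""
import hashlib
import hmac
import os
import struct
import time

TOTP_STEP = 30          # seconds per code
TOTP_DIGITS = 6
TOTP_WINDOW = 1         # accept one step of clock drift either side
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen user table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: float, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(now // step))


class UserStore:
    def __init__(self):
        self.users = {}

    def add(self, username: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret,
            "last_step": -1,   # highest TOTP step already accepted (blocks replay)
        }

    def login(self, username: str, password: str, code: str, now=None) -> str:
        now = time.time() if now is None else now
        # Identification: the username is only a claim at this point.
        # (A production system would return one uniform failure message for
        # every branch below to avoid confirming which usernames exist.)
        rec = self.users.get(username)
        if rec is None:
            return "unknown user"
        # Factor 1, knowledge: constant-time comparison of the salted hash.
        if not hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw_hash"]):
            return "bad password"
        # Factor 2, possession: the code must match the current step or a
        # neighbour, and a step already used cannot be presented again.
        step = int(now // TOTP_STEP)
        for cand in range(step - TOTP_WINDOW, step + TOTP_WINDOW + 1):
            if hmac.compare_digest(hotp(rec["totp_secret"], cand), code):
                if cand <= rec["last_step"]:
                    return "replayed code"
                rec["last_step"] = cand
                return "ok"
        return "bad code"


if __name__ == "__main__":
    store = UserStore()
    secret = b"12345678901234567890"          # RFC 6238 test-vector secret
    store.add("User123", "correct horse", secret)
    now = time.time()
    print(store.login("User123", "correct horse", totp(secret, now), now))
```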
Challenges in Identification and Authentication

Security Threats:

• Password Weaknesses: Using simple or reused passwords across different accounts.
  • Example: The 2017 Equifax breach was partially due to weak and reused passwords, exposing sensitive
    customer information.

• Phishing Attacks: Attackers use fake emails to steal user credentials.
  • Example: In 2020, Twitter suffered a high-profile phishing attack where hackers gained access to
    employee credentials and used them to hijack several high-profile accounts.

• Biometric Spoofing: Hackers can trick fingerprint or facial recognition systems using spoofing techniques.
  • Example: Researchers have shown that 3D-printed fingerprints can bypass some fingerprint scanners.

User Experience:
• MFA can be cumbersome and frustrate users who prefer faster logins.
• Example: Some users opt to disable MFA on social media platforms due to the inconvenience of repeatedly
entering additional codes.

Scalability:
• Handling authentication for large-scale systems (e.g., cloud services, IoT) is challenging.
• Example: As IoT devices proliferate, ensuring secure and scalable authentication methods for millions of
devices is a growing concern.
Authorization

Authorization is the process of granting or denying permission to a user or system to access specific resources or
perform specific actions. It happens after authentication, which confirms the user's identity.

Key Characteristics:
Determines what a user is allowed to do.
Based on roles, permissions, and policies.

Example:
A user logs into a banking application (authentication).
Authorization ensures:
• A regular user can view their account balance but cannot approve loans.
• An admin can view all accounts and approve loans.
Principle of Least Privilege (PoLP)

The Principle of Least Privilege (PoLP) is a fundamental security concept that ensures users, applications, or
systems are granted only the minimum level of access necessary to perform their specific tasks.

It aims to reduce security risks by limiting access rights to the absolute minimum required for functionality.

Key Features of PoLP

Minimal Permissions:
Only grant access that is necessary for the job. For example, a user who needs to read a report should not
have the ability to modify or delete it.

Task-Specific Access:
Privileges are role-specific or task-specific, avoiding unnecessary access to unrelated resources.

Temporary or Time-Limited Access:
Elevated privileges should be granted for a limited time and revoked as soon as they are no longer needed.

Granularity:
Fine-grained controls are used to define and restrict permissions at a detailed level.
Benefits of PoLP

Enhanced Security: Limits potential damage from malware, insider threats, or human error.

Reduced Attack Surface: Restricting privileges decreases the resources an attacker can exploit in case of
a breach.

Containment: If a user or process is compromised, the impact is limited to the privileges assigned.
Examples of PoLP

User Accounts
Administrator Access: Only IT admins need full system privileges; regular users operate with standard
accounts.
Database Permissions: A user requiring only query access to a database is not given the ability to modify or
delete tables.

Applications
A mobile app that requires access to a phone's camera does not request access to contacts or location data.
A web service accessing a database only has read permissions for data it needs to display and no write
permissions.

System Processes
A backup process is allowed to read from all directories but does not have permissions to execute or modify files.

Temporary Access
A developer troubleshooting a production issue is given temporary admin rights for the duration of the task, after
which the privileges are revoked.
Best Practices for Implementing PoLP

Role-Based Access Control (RBAC):- Assign roles with predefined permissions to ensure users only have access to
what their role requires.

Periodic Reviews:- Regularly audit user and system privileges to ensure they remain necessary and appropriate.

Segregation of Duties (SoD):-Divide critical tasks among multiple users to prevent one user from having excessive
access.

Automation:- Use tools to enforce and monitor least-privilege policies, such as automated privilege revocation after
task completion.

Just-In-Time Access:- Provide time-restricted elevated privileges for specific tasks and automatically revoke them
afterward.
Access Control refers to regulating who or what can view or use resources in a computing environment. It
ensures that only authorized individuals or entities can access or interact with data, systems, or resources
based on predefined rules and policies.

Types of Access Control

Discretionary Access Control (DAC)

Access is granted or restricted at the discretion of the resource owner. The owner decides who can access the
resource and what actions they can perform.

Example:
• A user creates a file on their computer and sets permissions, allowing one colleague to read the file and
another to edit it.
• In a Windows system, file properties allow the owner to assign "Read," "Write," or "Execute" permissions
to specific users.
Mandatory Access Control (MAC)

Access is controlled by a central authority based on strict policies, often using classifications like "Confidential,"
"Secret," and "Top Secret." Users cannot alter these permissions.

Example:
• In a government environment, a "Confidential" document can only be accessed by individuals with a
"Confidential" or higher security clearance.
• An employee with "Public" clearance attempting to access a "Top Secret" file will be denied access.
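The clearance checks in this MAC example, together with the lattice rules quoted earlier under Confidentiality (no read up, no write down) and Integrity (no write up, no read down), as an added Python reference-monitor sketch that is not part of the lecture. The level names follow the MAC example; the subject and object names are constructed.

```python
"""Reference-monitor style decisions for two mandatory models: Bell-LaPadula
(confidentiality) and Biba (integrity), over one ordered classification lattice."""
from dataclasses import dataclass

# Ordered lattice, lowest first (names as used in the MAC example).
LEVELS = ["Public", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str


def blp_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Bell-LaPadula confidentiality rules.
    read  -> simple security property: clearance >= classification (no read up)
    write -> *-property: clearance <= classification (no write down)"""
    s, o = RANK[subject.clearance], RANK[obj.classification]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    raise ValueError(f"unknown action {action!r}")


def biba_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Biba integrity rules, the dual of Bell-LaPadula.
    read  -> simple integrity property: level <= object level (no read down)
    write -> integrity *-property: level >= object level (no write up)"""
    s, o = RANK[subject.clearance], RANK[obj.classification]
    if action == "read":
        return s <= o
    if action == "write":
        return s >= o
    raise ValueError(f"unknown action {action!r}")


def decide(subject: Subject, obj: Obj, action: str, model: str = "blp") -> str:
    """Central authority's verdict; the user cannot change these rules."""
    check = blp_allows if model == "blp" else biba_allows
    return "ALLOW" if check(subject, obj, action) else "DENY"


if __name__ == "__main__":
    clerk = Subject("clerk", "Public")              # constructed subject
    plan = Obj("strategic plan", "Top Secret")      # constructed object
    print("clerk reads Top Secret plan:", decide(clerk, plan, "read"))
    print("clerk writes Top Secret plan:", decide(clerk, plan, "write"))
```

Note that under Bell-LaPadula the clerk may write to the Top Secret object (no write down is satisfied) even though reading it is denied; that asymmetry is why real systems combine the two models or add discretionary checks.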

Role-Based Access Control (RBAC)

Access permissions are assigned based on the roles of users within an organization. This simplifies management by
grouping users with similar functions under the same role.

Example:
• A hospital uses RBAC to manage access:
• Doctors can access patient records and diagnostic tools.
• Nurses can update patient vitals but cannot access billing information.
• Administrative staff can access billing but not medical records.
• In a software company, the "Developer" role has access to the codebase, while the "HR Manager" role has
access to employee records.
Attribute-Based Access Control (ABAC)

Access is granted based on attributes of the user, resource, and environment. Attributes can include user roles,
location, time of access, and device type.

Example:
• A company’s ABAC policy might allow employees to access financial data only during working hours and
from the company network.
• A remote employee using a personal device to access sensitive information is denied unless they connect
via the company’s VPN.

Rule-Based Access Control

Access is governed by pre-defined rules or conditions. It is often used in combination with other models like RBAC
or ABAC.

Example:

• A bank’s system denies all access to internal resources during maintenance windows.
• A rule restricts access to a server for all users except the IT administrator on weekends.
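The two ABAC scenarios (financial data only during working hours and from the company network; personal devices only via VPN) and the two rule-based scenarios (maintenance window, weekend server access) above, as an added Python policy decision point that is not part of the lecture. The attribute names, address ranges and working hours are assumptions.

```python
"""Deny-overrides policy evaluation combining rule-based and attribute-based checks."""
from datetime import datetime
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.0.0.0/8")       # assumed company network
VPN_POOL = ip_network("10.200.0.0/16")    # assumed VPN client pool (inside CORP_NET)
WORK_HOURS = range(9, 18)                 # assumed working hours 09:00-17:59


def rule_maintenance(user, resource, env):
    """Rule-based: deny all access to internal resources during a maintenance window."""
    if env.get("maintenance"):
        return "maintenance window: all internal access denied"


def rule_weekend_server(user, resource, env):
    """Rule-based: on weekends only the IT administrator may reach servers."""
    if (resource["type"] == "server" and env["time"].weekday() >= 5
            and user["role"] != "it_admin"):
        return "weekend server access limited to IT administrator"


def attr_personal_device(user, resource, env):
    """ABAC: sensitive data from a personal device only through the company VPN."""
    if (resource["sensitive"] and user["device"] == "personal"
            and ip_address(env["src_ip"]) not in VPN_POOL):
        return "personal device must connect via VPN"


def attr_financial(user, resource, env):
    """ABAC: financial data only during working hours and from the company network."""
    if resource["type"] == "financial":
        if env["time"].hour not in WORK_HOURS:
            return "financial data only during working hours"
        if ip_address(env["src_ip"]) not in CORP_NET:
            return "financial data only from the company network"


# Evaluation order: blanket rules first, then attribute conditions.
POLICY = [rule_maintenance, rule_weekend_server, attr_personal_device, attr_financial]


def evaluate(user: dict, resource: dict, env: dict):
    """Return ("deny", reason) for the first rule that objects, else ("allow", reason)."""
    for rule in POLICY:
        reason = rule(user, resource, env)
        if reason:
            return "deny", reason
    return "allow", "no rule denied the request"


if __name__ == "__main__":
    employee = {"role": "employee", "device": "personal"}
    ledger = {"type": "financial", "sensitive": True}
    env = {"time": datetime(2024, 12, 30, 10, 0), "src_ip": "203.0.113.5"}
    print(evaluate(employee, ledger, env))
```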
Access Control Lists (ACLs)

Access Control Lists (ACLs) are lists of rules used to control access to resources by specifying which users, systems,
or processes are allowed to access an object (such as files, directories, or network services) and what actions they
can perform. They play a critical role in enforcing security policies by granting or denying permissions.

Key Features of ACLs

Subject: The entity requesting access (e.g., a user, group, or device).
Object: The resource being accessed (e.g., a file, directory, or network endpoint).
Action: Specifies the operations the subject can perform on the object (e.g., read, write, execute).
Rules: Each ACL consists of a set of rules, also known as Access Control Entries (ACEs), defining
permissions for specific subjects.
Types of ACLs

File System ACLs
• Used to manage access to files and directories in operating systems.
• Permissions can include read (R), write (W), and execute (X).

Network ACLs
• Control access to network resources by filtering traffic based on IP addresses, protocols, ports, or other
  criteria.
• Commonly used in firewalls, routers, and switches.

Application-Level ACLs
• Used within software applications to define user roles and their access to specific features or data.
• Example: In a database, an ACL might specify:
  • Admin can read, write, and delete records.
  • User can only read records.
How ACLs Work

Request for Access: A subject attempts to access a resource.

Evaluation: The system checks the ACL to find rules that match the subject and the requested action.

Decision: Based on the ACL, the system allows or denies the requested action.
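The three steps above (request, evaluation, decision) as an added Python ACL evaluator that is not part of the lecture. It uses file-system style R/W/X bits and the hospital roles from the RBAC example as groups; the objects, group membership and entries are constructed, and the explicit-deny-wins rule is an assumption modelled on common file-system ACL behaviour.

```python
"""ACL evaluation: each object carries a list of Access Control Entries (ACEs);
a request is matched against entries for the user and the user's groups."""
from dataclasses import dataclass

# Permission bits as in a file-system ACL: read (R), write (W), execute (X).
READ, WRITE, EXEC = 1, 2, 4
PERM_BITS = {"read": READ, "write": WRITE, "execute": EXEC}


@dataclass(frozen=True)
class ACE:
    """One Access Control Entry: which principal, allow or deny, which bits."""
    principal: str   # "user:<name>" or "group:<role>"
    allow: bool
    perms: int


# Constructed group (role) membership.
GROUPS = {
    "alice": {"doctors"},
    "bob": {"nurses"},
    "carol": {"admin_staff"},
    "dave": {"nurses"},
}

# Constructed ACLs, one list of ACEs per object, following the hospital example.
ACLS = {
    "patient_records": [
        ACE("group:doctors", True, READ | WRITE),
        ACE("group:nurses", True, READ),
    ],
    "patient_vitals": [
        ACE("group:nurses", True, READ | WRITE),
        ACE("group:doctors", True, READ | WRITE),
    ],
    "billing": [
        ACE("group:admin_staff", True, READ | WRITE),
        ACE("user:dave", True, READ),                    # individual grant ...
        ACE("group:nurses", False, READ | WRITE | EXEC), # ... overridden by group deny
    ],
}


def principals_for(user: str) -> set:
    """All identities a request from `user` is evaluated under."""
    return {f"user:{user}"} | {f"group:{g}" for g in GROUPS.get(user, ())}


def check(user: str, obj: str, action: str) -> bool:
    """Step 1: the subject requests `action` on `obj`.
    Step 2: each ACE matching the subject and the requested bit is evaluated.
    Step 3: an explicit deny wins over any allow; no matching entry means deny."""
    want = PERM_BITS[action]
    subject = principals_for(user)
    allowed = False
    for ace in ACLS.get(obj, []):
        if ace.principal not in subject or not ace.perms & want:
            continue
        if not ace.allow:
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    for who, what, how in [("alice", "patient_records", "write"),
                           ("bob", "billing", "read"),
                           ("carol", "billing", "write")]:
        print(who, how, what, "->", "allow" if check(who, what, how) else "deny")
```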

Advantages of ACLs

Granular Permissions: Define specific actions for individual users or groups.

Flexibility: Used in various contexts, including file systems, networks, and applications.

Improved Security: Restricts access to sensitive resources.


Limitations of ACLs

Complexity: Managing ACLs for large systems with many users and resources can be challenging.

Scalability Issues: ACLs can become unwieldy in dynamic environments.

Performance Overhead: Evaluating large ACLs can slow down access requests.
What is Accountability in Security?

Accountability in security refers to the process of tracking and recording actions taken
by users or systems, ensuring that individuals are held responsible for their actions. It
ensures that actions can be traced back to the responsible entity, allowing for
investigation and enforcement of security policies.
Purpose: It ensures transparency in operations, minimizes risk, and enables
effective response in case of incidents.
Key Elements of Accountability

Audit Trails/Logs:
Every user action (e.g., accessing data, modifying files) is recorded with
details like the user's identity, timestamp, and action.

Traceability:
Ability to trace actions to specific users or systems to detect and respond to
unauthorized activity.

Non-repudiation:
Guarantees that users cannot deny their actions (e.g., digital signatures or
secure logs ensure verifiable proof of actions).
Importance of Accountability in Security

Ensures Responsibility: Users are accountable for their actions within the system.

Detects and Prevents Malicious Activities: Helps identify unauthorized or suspicious activities.

Facilitates Incident Investigation: Logs and audit trails help track the source of security breaches.

Compliance Requirements: Many security standards (e.g., GDPR, HIPAA) require maintaining logs for
accountability.
Example of Accountability in Action

Scenario:
A corporate network has a log management system to track user activities.

Key Log Details:
Username: Identity of the user.
Timestamp: Time of the action.
Action: Type of action performed (e.g., access, modification).
IP Address: Location from which the action was performed.
Real-Life Example

Action:
User: Alice
Action: Accessed sensitive financial document
Timestamp: 2024-12-30 09:45 AM
IP Address: 192.168.1.15
Outcome: If an issue arises (e.g., unauthorized modification of the document), the
logs can be reviewed to trace the action back to Alice, identifying her as the
responsible party.
Benefits of Accountability

Enhanced Security Monitoring: Continuous tracking helps detect suspicious activity in real time.

Faster Incident Response: Logs allow quick identification of the source of breaches, enabling faster
remediation.

Encourages Ethical Behavior: Employees and users are more likely to follow security policies when they know
their actions are being tracked.
Non-Repudiation and Accountability

Ensures that individuals cannot deny their actions (e.g., signing a contract or executing a
financial transaction).

How It Works:

Through methods like digital signatures or encrypted logs, users are held accountable
for their actions, preventing them from later denying their involvement.
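The "secure logs" mentioned under Non-repudiation and the Alice log entry from the accountability example, as an added Python tamper-evident audit trail that is not part of the lecture. Each record carries an HMAC-SHA256 tag and the tag of the previous record, so an edited, deleted or reordered entry fails verification; the key and the entries are constructed.

```python
"""Hash-chained, keyed audit log: integrity of the trail can be checked later."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def canonical(record: dict) -> bytes:
    """Deterministic serialization so the tag covers exactly the stored fields."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    def __init__(self, key: bytes):
        # A key held only by the log server gives integrity against users and
        # attackers who lack it. Strict non-repudiation (the actor cannot deny
        # the action) needs a per-user digital signature, because whoever holds
        # this shared key could forge a tag.
        self._key = key
        self.entries = []

    def record(self, user: str, action: str, src_ip: str, timestamp: str) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "user": user, "action": action,
                "ip": src_ip, "timestamp": timestamp, "prev": prev}
        mac = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        entry = {**body, "mac": mac}
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if intact, else (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "mac"}
            # Sequence and back-link catch deletion and reordering.
            if body.get("seq") != i or body.get("prev") != prev:
                return False, i
            # The tag catches any change to the stored fields.
            expect = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expect, e["mac"]):
                return False, i
            prev = e["mac"]
        return True, None


if __name__ == "__main__":
    log = AuditLog(b"constructed-demo-key")
    log.record("Alice", "Accessed sensitive financial document",
               "192.168.1.15", "2024-12-30T09:45:00")
    print(log.verify())
    log.entries[0]["user"] = "Bob"    # someone tries to shift the blame
    print(log.verify())
```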
Core Security Benefits of Accountability

Prevent Unauthorized Activities:
1. Users are less likely to engage in unauthorized or unethical behavior if they know their
actions are being tracked.
2. Having accountability in place discourages malicious activities, ensuring only authorized
actions are taken.

Rapid Identification of Security Breaches:
1. Logging actions creates a detailed record that can be analyzed to detect potential
security threats or breaches.
2. The ability to review logs allows for early detection of malicious behavior and quick
remediation.

Ensures Compliance with Security Policies:
1. Organizations can ensure they are adhering to internal and external security policies by
tracking and verifying actions.
2. Accountability facilitates compliance with industry standards (e.g., PCI-DSS, HIPAA)
which require tracking and logging of sensitive data access.
Auditing in security refers to the process of systematically reviewing and evaluating the
activities, behaviors, and configurations within a system, network, or organization to
ensure compliance with security policies, standards, and regulations.

The primary goal of auditing in security is to detect potential vulnerabilities, ensure
accountability, and identify any unusual or unauthorized activities that could lead to
security breaches.
Key components of security auditing include

Log Review: Auditing involves checking system logs (such as access logs,
authentication logs, and error logs) to track user activities, system events, and any
anomalies.
Access Control Monitoring: Auditing ensures that proper access control measures
are in place and that only authorized individuals have access to sensitive data or
systems.

Compliance Checks: It verifies whether the organization is following the required
security standards, regulations, or industry best practices, such as GDPR, HIPAA.

Vulnerability Assessments: Regularly reviewing systems and networks to identify any
security weaknesses or vulnerabilities that could be exploited.

Incident Detection: Auditors help in identifying potential security incidents, including
breaches, unauthorized access, or misuse of data.

Accountability and Traceability: By maintaining an audit trail, auditing helps to ensure
that actions performed by users or administrators can be traced back, providing
accountability.
When conducting a security audit, various aspects of an organization's systems,
networks, and data are examined to ensure their security integrity and compliance with
internal and external security policies. The specific items audited in terms of security
can include:

1. System Configuration and Hardening
• Operating Systems: Ensuring that servers, workstations, and other devices are
  securely configured, with unnecessary services and features disabled, and security
  patches applied.
• Applications: Verifying that installed software is up-to-date and securely
  configured, with security settings properly enabled.
• Firewall Settings: Ensuring firewalls are properly configured to block unauthorized
  access while allowing legitimate traffic.

2. User Access and Authentication
• User Accounts and Privileges: Checking if user accounts have the appropriate
  access levels, roles, and permissions to minimize the risk of unauthorized access to
  sensitive resources.
• Authentication Mechanisms: Auditing password policies, multi-factor
  authentication (MFA) implementation, and ensuring strong authentication
  mechanisms are in place.
• User Activity: Reviewing logs of user activities to detect suspicious behavior or
  unauthorized actions, such as attempts to access restricted areas of the network.

3. Network Security
• Network Architecture: Verifying network segmentation, configuration of routers,
  switches, and network devices to prevent unauthorized traffic between different
  segments (e.g., separating internal and external networks).
• Intrusion Detection/Prevention Systems (IDS/IPS): Ensuring IDS/IPS systems are
  properly configured to detect and prevent malicious activity or breaches.
• VPN and Remote Access: Auditing VPN settings to ensure secure remote access for
  employees or external users, with proper encryption and authentication.

4. Data Protection
• Encryption: Ensuring data is encrypted both at rest (stored data) and in transit
  (data being transmitted over networks), preventing unauthorized interception or
  exposure.
• Backup and Recovery: Auditing backup procedures to ensure data integrity and
  availability in case of incidents like ransomware attacks or disasters.
• Data Integrity: Verifying that mechanisms like checksums or hash functions are in
  place to protect data from tampering or corruption.

5. Security Monitoring and Incident Response
• Log Management: Auditing logs from systems, firewalls, network devices, and
  applications for signs of security breaches or misuse.
• Incident Response Plans: Ensuring that the organization has an effective incident
  response plan and that it has been tested regularly to deal with security breaches.
• Alerts and Notifications: Auditing the configuration of security alerts and
  notifications to ensure timely action is taken when potential threats are detected.

6. Security Awareness and Training
• Employee Training: Ensuring that employees are regularly trained on security best
  practices, recognizing phishing attempts, social engineering tactics, and handling
  sensitive information securely.
• Security Culture: Auditing the organization's security culture to ensure that
  employees understand their role in maintaining security.

7. Backup and Disaster Recovery
• Backup Procedures: Reviewing the frequency and security of data backups to
  ensure business continuity in case of a security incident (e.g., ransomware attacks
  or data loss).
• Disaster Recovery Planning: Verifying that the disaster recovery plan is in place,
  tested, and capable of restoring operations in case of an incident.
Aspect | Accounting in Security | Auditing in Security
Identification | Logs who is accessing the system, associating actions with user IDs. | Verifies user identity management, ensuring no unauthorized access.
Authentication | Tracks authentication attempts (successful and failed), including methods (passwords, MFA, etc.). | Audits the effectiveness of authentication methods, checking for compliance with standards (e.g., MFA, strong passwords).
Authorization | Logs access attempts to resources and records whether the user has the proper permissions. | Reviews and validates roles, permissions, and compliance with the principle of least privilege.
Access | Records detailed access information, including the duration of sessions and resources accessed. | Analyzes access logs to detect unauthorized access or any attempts to bypass access controls.
What is an IDS (Intrusion Detection System)?
An Intrusion Detection System (IDS) is a security tool designed to detect and alert
you to suspicious or malicious activity within a network or on a system. It acts like a
security guard that watches for unauthorized access or harmful activities.

How IDS Works:
• Monitors Network or System Activity: It watches everything happening on your
  computer or network, like who is logging in, what data is being accessed, and if
  there are unusual behaviors.
• Detects Suspicious Behavior: If someone is trying to break into the system (e.g.,
  by guessing passwords), the IDS will notice this and alert you that something is
  wrong.
IDS in Accounting:
In the accounting context, IDS helps to record and track suspicious activities:
• Logs Suspicious Activities: It keeps track of failed login attempts, unauthorized
  access, or strange patterns like someone trying to log in repeatedly with wrong
  passwords.
• Alerts: The IDS sends real-time alerts if it detects any unusual activity, so security
  teams can act fast.

IDS in Auditing:
In the auditing context, IDS helps to review past activities and ensure security is
working properly:
• Review Logs: During an audit, security teams or auditors look at the logs from the
  IDS to check if any intrusions or malicious actions happened.
• Check Security Effectiveness: Auditing the IDS helps confirm that the system is
  effectively stopping potential attacks and protecting data.
Example:
Imagine you're using a computer at work, and an attacker tries to guess your password.
The IDS would detect this attempt (maybe after a few failed tries) and alert you or the
IT team. The security team can then audit the logs from the IDS to understand the
details of the attack and prevent future incidents.

Key Points:
• Accounting: IDS logs and tracks suspicious activity in real-time.
• Auditing: IDS reviews and checks if the security system is working properly by
  analyzing logs and identifying potential problems.
In short, IDS is like a watchdog that helps both in recording suspicious activities
(accounting) and in reviewing if the security systems are working as they should
(auditing).
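The password-guessing scenario above (repeated failed logins followed by an alert, with the logs kept for later audit), as an added Python detection rule that is not part of the lecture. The log line format, the threshold of five failures and the two-minute window are assumptions; the log lines are constructed.

```python
"""Host-based IDS rule: flag a source that fails login repeatedly inside a short
window, and flag separately when such a source then succeeds (the audit-worthy case)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) LOGIN "
                  r"(?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$")
THRESHOLD = 5                   # failures from one source ...
WINDOW = timedelta(minutes=2)   # ... within this window raise an alert

# Constructed sample: one ordinary typo by Alice, then a guessing run from 203.0.113.9
# that ends in a successful login, plus a line the parser must ignore.
SAMPLE_LOG = """\
2024-12-30 09:40:01 LOGIN FAIL user=alice ip=192.168.1.15
2024-12-30 09:40:20 LOGIN OK user=alice ip=192.168.1.15
2024-12-30 09:45:00 LOGIN FAIL user=admin ip=203.0.113.9
2024-12-30 09:45:08 LOGIN FAIL user=admin ip=203.0.113.9
2024-12-30 09:45:15 LOGIN FAIL user=root ip=203.0.113.9
2024-12-30 09:45:21 LOGIN FAIL user=admin ip=203.0.113.9
2024-12-30 09:45:30 LOGIN FAIL user=alice ip=203.0.113.9
2024-12-30 09:45:44 LOGIN FAIL user=alice ip=203.0.113.9
2024-12-30 09:46:02 LOGIN OK user=alice ip=203.0.113.9
this line is not a login event
"""


def parse(line: str):
    """Return the event as a dict, or None for lines that are not login events."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def detect(lines):
    """Sliding-window count of failures per source IP; returns the alerts raised."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside WINDOW
    alerted = set()               # sources already reported, to avoid alert storms
    alerts = []
    for ev in filter(None, map(parse, lines)):
        ip, q = ev["ip"], recent[ev["ip"]]
        while q and ev["ts"] - q[0] > WINDOW:   # drop failures that aged out
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) >= THRESHOLD and ip not in alerted:
                alerted.add(ip)
                alerts.append({"type": "brute_force", "ip": ip, "user": ev["user"],
                               "failures": len(q), "time": ev["ts"]})
        else:
            # A success right after a guessing run is the case an auditor needs to see.
            if len(q) >= THRESHOLD:
                alerts.append({"type": "success_after_failures", "ip": ip,
                               "user": ev["user"], "failures": len(q), "time": ev["ts"]})
            q.clear()
            alerted.discard(ip)
    return alerts


def run_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```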
