Key Security Concept: Nonrepudiation
In today’s blog, we are going to take a look at a key concept in information security: nonrepudiation. Simply put, nonrepudiation is the assurance that someone cannot deny an action they took. This can apply to an email, for example. If the sender sends the message with a digital signature, this proves that the sender is the one holding the signature (it also proves the email has not been altered in transit, which is its integrity). With a digital signature, the author cannot later deny that the email was sent from their email account (although their account could have been compromised).
Another example of nonrepudiation is the use of unique user accounts. Most logging solutions are configured to log actions taken by users on a centralized server. Equally important, the logging solution captures the userid of the user who made a change or took a particular action. These logs should be protected such that they can’t be altered. If that is the case, then you have nonrepudiation for the actions taken on a logged server. It can be proven that someone with access to a particular account performed the action in question.
Nonrepudiation is important for two main reasons. First, by being able to prove which user took an action, you can act to prevent it from happening again. Let’s say an employee commits fraud. Nonrepudiation will be critical if you pursue legal action against that employee and also to prevent a wrongful termination lawsuit. However, nonrepudiation can also be a deterrent control. When users know that their actions are being recorded, they are less likely to act maliciously. This is why casinos have cameras pointing all over the dealers, not just the players. They want to deter them from any illegal or unauthorized actions.
So in summary, nonrepudiation is the concept in information security of being able to prove that a user took an action. This can apply to an action they took on a host on the network, an email they sent, or any other important action. This concept is vital because it can help you understand how to deter malicious activity and provide assurance that a user did take a particular action.