This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:ra:1.4_req:2_nonfunc:25_security:accountability [2021/06/09 14:57] char |
dido:public:ra:1.4_req:2_nonfunc:25_security:accountability [2022/04/12 15:08] (current) nick |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== About ===== | ===== About ===== | ||
| - | [[dido:public:ra:xapend:xapend.a_glossary:a:accountability]] is the principle holding an individual entrusted to safeguard and control key components of a system or program (i.e., equipment, keying material, and information) answerable to proper authority for the loss or misuse of that component.(( | + | [[dido:public:ra:1.4_req:2_nonfunc:25_security:accountability| Return to Top]] |
| + | |||
| + | [[dido:public:ra:xapend:xapend.a_glossary:a:accountability]] is the [[dido:public:ra:xapend:xapend.a_glossary:p:principle|principle]] holding an individual entrusted to safeguard and control [[dido:public:ra:xapend:xapend.a_glossary:k:key|key]] components of a system or program (i.e., equipment, keying material, and information) answerable to proper authority for the loss or misuse of that component.(( | ||
| Accountability, | Accountability, | ||
| __Computer Security Resource Center (CSRC)__ | __Computer Security Resource Center (CSRC)__ | ||
| Line 15: | Line 17: | ||
| )) requiring the actions of an [[dido:public:ra:xapend:xapend.a_glossary:e:entity|entity]] to be traced uniquely to that entity. Accountability directly supports [[dido:public:ra:1.4_req:2_nonfunc:25_security:nonrepudiability | Non-Repudiation]]. It also provides a deterrence, helps with fault isolation, and is useful in intrusion detection and prevention. In many cases, it is a key source of [[dido:public:ra:xapend:xapend.a_glossary:e:evidence|evidence]] use in and [[dido:public:ra:xapend:xapend.a_glossary:a:aar]] and can ultimately, if needed, support legal actions. | )) requiring the actions of an [[dido:public:ra:xapend:xapend.a_glossary:e:entity|entity]] to be traced uniquely to that entity. Accountability directly supports [[dido:public:ra:1.4_req:2_nonfunc:25_security:nonrepudiability | Non-Repudiation]]. It also provides a deterrence, helps with fault isolation, and is useful in intrusion detection and prevention. In many cases, it is a key source of [[dido:public:ra:xapend:xapend.a_glossary:e:evidence|evidence]] use in and [[dido:public:ra:xapend:xapend.a_glossary:a:aar]] and can ultimately, if needed, support legal actions. | ||
| - | Accountability is part of an information security plan. The plan should enumerate every individual working with an information system and define specific responsibilities (i.e., tasks) regarding information assurance. Each task needs to me measurable and be subject to oversight by individuals higher up in the command chain. | + | Accountability is part of an information security plan. The plan should enumerate every individual working with an information system and define specific responsibilities (i.e., tasks) regarding [[dido:public:ra:xapend:xapend.a_glossary:i:information_assurance|information assurance]]. Each task needs to me measurable and be subject to oversight by individuals higher up in the command chain. |
| - | One example, might be an information security requirement that holds all employees responsible for not installing software from any source other than a company-owned repository (i.e., a task). The individual responsible for upholding the [[dido:public:ra:xapend:xapend.a_glossary:r:requirement|requirement]] might perform a periodic check of corporate assets to determine that the policy is being followed. Any violations in the requirement would hold the individual responsible for performing the task. The plan makes the individuals aware of the tasks expected of them, and guide continual improvement in compliance with the requirement.(( | + | One example, might be an [[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]] requirement that holds all employees responsible for not installing software from any source other than a company-owned repository (i.e., a task). The individual responsible for upholding the [[dido:public:ra:xapend:xapend.a_glossary:r:requirement|requirement]] might perform a periodic check of corporate assets to determine that the [[dido:public:ra:xapend:xapend.a_glossary:p:policy|policy]] is being followed. Any violations in the requirement would hold the individual responsible for performing the task. The plan makes the individuals aware of the tasks expected of them, and guide continual improvement in compliance with the requirement.(( |
| Computer-Security-Glossary.org, | Computer-Security-Glossary.org, | ||
| Accessed 15 August 2020, | Accessed 15 August 2020, | ||
| Line 26: | Line 28: | ||
| [[dido:public:ra:1.4_req:2_nonfunc:25_security:accountability| Return to Top]] | [[dido:public:ra:1.4_req:2_nonfunc:25_security:accountability| Return to Top]] | ||
| - | //<color #FF0000><todo>TBD - to be added/expanded in future revisions of the DIDO RA</todo></color>// | + | : <wrap hi><color red> To be added/expanded in future revisions of the DIDO RA </color></wrap> |
| /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||