User Tools

Site Tools


dido:public:ra:1.4_req:2_nonfunc:25_security:accountability

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
dido:public:ra:1.4_req:2_nonfunc:25_security:accountability [2021/08/06 14:09]
murphy [About]
dido:public:ra:1.4_req:2_nonfunc:25_security:accountability [2022/04/12 15:08] (current)
nick
Line 3: Line 3:
  
 ===== About ===== ===== About =====
-[[dido:​public:​ra:​xapend:​xapend.a_glossary:​a:​accountability]] is the principle holding an individual entrusted to safeguard and control key components of a system or program (i.e., equipment, keying material, and information) answerable to proper authority for the loss or misuse of that component.((+[[dido:​public:​ra:​1.4_req:​2_nonfunc:​25_security:​accountability| Return to Top]] 
 + 
 +[[dido:​public:​ra:​xapend:​xapend.a_glossary:​a:​accountability]] is the [[dido:​public:​ra:​xapend:​xapend.a_glossary:​p:​principle|principle]] ​holding an individual entrusted to safeguard and control ​[[dido:​public:​ra:​xapend:​xapend.a_glossary:​k:​key|key]] ​components of a system or program (i.e., equipment, keying material, and information) answerable to proper authority for the loss or misuse of that component.((
 Accountability,​ Accountability,​
 __Computer Security Resource Center (CSRC)__ __Computer Security Resource Center (CSRC)__
Line 17: Line 19:
 Accountability is part of an information security plan. The plan should enumerate every individual working with an information system and define specific responsibilities (i.e., tasks) regarding ​ [[dido:​public:​ra:​xapend:​xapend.a_glossary:​i:​information_assurance|information assurance]]. Each task needs to me measurable and be subject to oversight by individuals higher up in the command chain. Accountability is part of an information security plan. The plan should enumerate every individual working with an information system and define specific responsibilities (i.e., tasks) regarding ​ [[dido:​public:​ra:​xapend:​xapend.a_glossary:​i:​information_assurance|information assurance]]. Each task needs to me measurable and be subject to oversight by individuals higher up in the command chain.
  
-One example, might be an information security requirement that holds all employees responsible for not installing software from any source other than a company-owned repository (i.e., a task). The individual responsible for upholding the [[dido:​public:​ra:​xapend:​xapend.a_glossary:​r:​requirement|requirement]] might perform a periodic check of corporate assets to determine that the policy is being followed. Any violations in the requirement would hold the individual responsible for performing the task. The plan makes the individuals aware of the tasks expected of them, and guide continual improvement in compliance with the requirement.((+One example, might be an [[dido:​public:​ra:​xapend:​xapend.a_glossary:​i:​is|information security]] requirement that holds all employees responsible for not installing software from any source other than a company-owned repository (i.e., a task). The individual responsible for upholding the [[dido:​public:​ra:​xapend:​xapend.a_glossary:​r:​requirement|requirement]] might perform a periodic check of corporate assets to determine that the [[dido:​public:​ra:​xapend:​xapend.a_glossary:​p:​policy|policy]] ​is being followed. Any violations in the requirement would hold the individual responsible for performing the task. The plan makes the individuals aware of the tasks expected of them, and guide continual improvement in compliance with the requirement.((
 Computer-Security-Glossary.org,​ Computer-Security-Glossary.org,​
 Accessed 15 August 2020, Accessed 15 August 2020,
dido/public/ra/1.4_req/2_nonfunc/25_security/accountability.1628273357.txt.gz · Last modified: 2021/08/06 14:09 by murphy