Definition: Accountability is an essential information security concept. The phrase means that every individual who works with an information system should have specific responsibilities for information assurance. The tasks for which a individual is responsible are part of the overall information security plan and are readily measurable by a person who has managerial responsibility for information assurance. One example is the policy statement that all employees must avoid installing outside software on a company-owned information infrastructure. The person in charge of information security should perform periodic checks to be certain that the policy is being followed.

Every information asset should be "owned" by an individual in the organization who is primarily responsible each one.

Its Relevance: The duties and responsibilities of all employees, as they relate to information assurance, need to be specified in detail. Otherwise, the attempt of establishing and maintaining information security is haphazard and virtually absent.

Return from "Accountability" to Words [A - C]