Definition: Accountability is an essential part of an information security plan. The phrase means that every individual who works with an information system should have specific responsibilities for information assurance. The tasks for which a individual is responsible are part of the overall information security plan and can be readily measurable by a person who has managerial responsibility for information assurance. One example would be a policy statement that all employees must avoid installing outside software on a company-owned information infrastructure. The person in charge of information security should perform periodic checks to be certain that the policy is being followed. Individuals must be aware of what is expected of them and guide continual improvement.
Every information asset should be "owned" by an individual in the organization who is primarily responsible each one.
Its Relevance: The duties and responsibilities of all employees, as they relate to information assurance, need to be specified in detail. Otherwise, the attempt of establishing and maintaining information security is haphazard and virtually absent. Users should remember that the biggest threat category against an information system comes from insiders.