No edit summary |
|||
| Line 36: | Line 36: | ||
== See also == |
== See also == |
||
| + | * [[Accountability and Control of Classified Laptop Computers]] |
||
| + | * [[Accountability information]] |
||
| + | * [[Accountability Principle]] |
||
* [[Individual accountability]] |
* [[Individual accountability]] |
||
[[Category:Security]] |
[[Category:Security]] |
||
Revision as of 22:40, 9 August 2014
Definitions
Computer security
Accountability is "the requirement that actions of an entity may be traced uniquely to that entity."[1] "Accountability is often an organizational policy requirement and directly supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action."[2]
Accountability is
| “ | [t]he property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions.[3] | ” |
| “ | [t]he quality or state that enables attempted and committed violations of computer systems security to be traced to individuals who may then be held responsible.[4] | ” |
| “ | [the] [p]rinciple that responsibilities for ownership and/or oversight of IS resources are explicitly assigned and that assignees are answerable to proper authorities for stewardship of resources under their control.[5] | ” |
| “ | [a] process of holding users responsible for actions performed on an information system.[6] | ” |
Electronic money
Accountability is "record-keeping of electronic money transactions."[7]
Information technology
Accountability is the process of tracing IT activities to a responsible source.
Security
Accountability is
| “ | [t]he security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.[8] | ” |
| “ | [the] [p]rinciple that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.[9] | ” |
References
- ↑ NIST Special Publication 800-33, at 3; ISO/IEC 7498-2.
- ↑ Id.
- ↑ RFC 2828.
- ↑ Auditing and Financial Management: Glossary of EDP Terminology, at 1.
- ↑ Practices for Securing Critical Information Assets, Glossary, at 51.
- ↑ Tax Information Security Guidelines For Federal, State and Local Agencies: Safeguards for Protecting Federal Tax Returns and Return Information, at 150.
- ↑ Report on Electronic Money, Annex 1, Glossary, at 37.
- ↑ NIST Special Publication 800-30.
- ↑ CNSSI 4009, at 2.