Changes: Accountability

Latest revision as of 08:26, 4 July 2015

Definitions[]

Computer security[]

Accountability is

“

the requirement that actions of an entity may be traced uniquely to that entity."^[1]

”

“

often an organizational policy requirement and directly supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action."^[2]

”

“

[t]he property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions.^[3]

”

“

[t]he quality or state that enables attempted and committed violations of computer systems security to be traced to individuals who may then be held responsible.^[4]

”

“

[the] [p]rinciple that responsibilities for ownership and/or oversight of IS resources are explicitly assigned and that assignees are answerable to proper authorities for stewardship of resources under their control.^[5]

”

“

[a] process of holding users responsible for actions performed on an information system.^[6]

”

Electronic money[]

Accountability is "record-keeping of electronic money transactions."^[7]

Information technology[]

Accountability is the process of tracing IT activities to a responsible source.

Security[]

Accountability is

“

[t]he security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.^[8]

”

“

[the] [p]rinciple that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.^[9]

”

References[]

↑ NIST Special Publication 800-33, at 3; ISO/IEC 7498-2.
↑ Id.
↑ RFC 2828.
↑ Auditing and Financial Management: Glossary of EDP Terminology, at 1.
↑ Practices for Securing Critical Information Assets, Glossary, at 51.
↑ Tax Information Security Guidelines For Federal, State and Local Agencies: Safeguards for Protecting Federal Tax Returns and Return Information, at 150.
↑ Report on Electronic Money, Annex 1, Glossary, at 37.
↑ NIST Special Publication 800-30.
↑ CNSSI 4009, at 2.

@@ Line 1: / Line 1: @@
-== Definition ==
+== Definitions ==
+=== Computer security ===
-'''Accountability''' is
+'''Accountability''' is
-{{Quote|the requirement that actions of an entity may be traced uniquely to that entity.<ref>[[NIST Special Publication 800-33]].</ref>}}
+{{Quote|the requirement that actions of an entity may be traced uniquely to that entity."<ref>[[NIST Special Publication 800-33]], at 3; ISO/IEC 7498-2.</ref>}}
-== Information technology ==
+{{Quote|often an organizational [[policy]] requirement and directly supports [[non-repudiation]], [[deterrence]], [[fault isolation]], [[intrusion detection]] and [[intrusion prevention|prevention]], and after-action recovery and legal action."<ref>''Id.''</ref>}}
-'''Accountability''' is the process of tracing [[IT]] activities to a responsible source.
+{{Quote|[t]he property of a [[system]] (including all of its [[system resources]]) that ensures that the actions of a [[system]] entity may be [[trace]]d uniquely to that entity, which can be held responsible for its actions.<ref>RFC 2828.</ref>}}
-== Security ==
+{{Quote|[t]he quality or state that enables attempted and committed violations of [[computer system]]s [[security]] to be [[trace]]d to individuals who may then be held responsible.<ref>[[Auditing and Financial Management: Glossary of EDP Terminology]], at 1.</ref>}}
-'''Accountability''' means
+{{Quote|[the] [p]rinciple that responsibilities for ownership and/or oversight of [[IS]] resources are explicitly assigned and that assignees are answerable to proper authorities for stewardship of [[resources]] under their control.<ref>[[Practices for Securing Critical Information Assets]], Glossary, at 51.</ref>}}
-{{Quote|[t]he security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports [[nonrepudiation]], [[deterrence]], [[fault isolation]], [[intrusion detection]] and [[intrusion prevention|prevention]], and after-action recovery and legal action.<ref>[[NIST Special Publication 800-30]].</ref>}}
+{{Quote|[a] [[process]] of holding [[user]]s responsible for actions performed on an [[information system]].<ref>[[Tax Information Security Guidelines For Federal, State and Local Agencies: Safeguards for Protecting Federal Tax Returns and Return Information]], at 150.</ref>}}
+=== Electronic money ===
+'''Accountability''' is "[[record-keeping]] of [[electronic money]] [[transaction]]s."<ref>[[Report on Electronic Money]], Annex 1, Glossary, at 37.</ref>
+=== Information technology ===
+'''Accountability''' is the process of [[tracing]] [[IT]] activities to a responsible source.
+=== Security ===
+'''Accountability''' is
+{{Quote|[t]he [[security]] goal that generates the requirement for actions of an entity to be [[trace]]d uniquely to that entity. This supports [[nonrepudiation]], [[deterrence]], [[fault isolation]], [[intrusion detection]] and [[intrusion prevention|prevention]], and after-action recovery and legal action.<ref>[[NIST Special Publication 800-30]].</ref>}}
+{{Quote|[the] [p]rinciple that an individual is entrusted to [[safeguard]] and control [[equipment]], keying material, and [[information]] and is answerable to proper authority for the loss or [[misuse]] of that [[equipment]] or [[information]].<ref>[[CNSSI 4009]], at 2.</ref>}}
 == References ==
 <references />
+== See also ==
+* [[Accountability and Control of Classified Laptop Computers]]
+* [[Accountability information]]
+* [[Accountability Principle]]
+* [[Individual accountability]]
+* [[Nonrepudiation]]
 [[Category:Security]]
-[[Category:Definition]]
 [[Category:Definition]]