"The ability to trace activities on information resources to unique individuals who accept responsibility for their activities on the network." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)
"The obligation to answer for a responsibility that has been conferred. It presumes the existence of at least two parties: one who allocates responsibility and one who accepts it with the undertaking to report upon the manner in which it has been discharged." (Sally-Anne Pitt, "Internal Audit Quality", 2014)
"A component of a work relationship between two people wherein one accepts the requirement to provide an account to the other of the following three questions relating to work. What did you do? How did you do it? Why did you do it that way? The most common application of the concept of accountability is that which applies as a function of a contract of employment within an organisation and though in our experience this requirement to accept accountability is rarely articulated clearly in the contract; it should be. An effective accountability discussion includes a discussion of the three questions above including how and why the person used particular processes to turn inputs into required outputs. Accountability is not a collective noun for tasks, as in ‘your accountabilities are …’. Too often this is used in employment, contracts and in role descriptions, which confuses work and accountability. A role may describe work but we are still to discover if the person is actually held to account for that work. Accountability as a concept applying within coherent social groups is brought to the fore for society in general by the process of the courts wherein people in the witness box are required to answer, in public, questions as to what, how and why something was, or was not, done and judgement is passed as an outcome of this process." (Catherine Burke et al, "Systems Leadership", 2nd Ed., 2018)
"A security principle indicating that individuals must be identifiable and must be held responsible for their actions." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)
"Assuming a transparent and appropriate level of responsibility for data assets that are under one’s care, which includes honoring obligations associated with good practice." (Kevin J Sweeney, "Re-Imagining Data Governance", 2018)
"The property of a system or system resource which ensures that the actions of a system entity may be traced uniquely to that entity, which can then be held responsible for its actions." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)
"Responsibility of data processing actors to put in place appropriate and effective measures to ensure compliance with the GDPR and be able to demonstrate so." (Yordanka Ivanova, "Data Controller, Processor, or Joint Controller: Towards Reaching GDPR Compliance in a Data- and Technology-Driven World", 2020)
"Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information." (CNSSI-4009)
"The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action." (SP 800-27)
No comments:
Post a Comment