Content-type: text/html P-1 Accountability Principle

P-1 Accountability Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

Check all that apply:

Information system security accountability and responsibility is explicit.
The the roles and actions of all parties who interact with the firewall are clearly defined, identified, and authenticated at a level commensurate with the sensitivity and criticality of the most sensitive and critical data passing through the firewall.
Individual permissions and privileges are effectively enforced and audited.
Accurate data can be provided to the user, while the user's anoniminity is ensured, without sacrificing the accountability and integerity of the data.
The responsibilities and accountability of owners, providers, users of information systems, and other parties concerned with the security of information systems (such as custodians and auditors) are explicit.
The relationship between users, processes, and data are clearly defined.
The concepts and responsibilities of the information owner, manager, custodian, steward, user, developer, security official, auditor, and maintainer are documented and taught as a part of system and organization training.

With maximum value of