- Accountability The principle that individuals are held responsible for their actions within a system. In the context of a system, this involves tracking and recording user activities, often through auditing and logging mechanisms, so that actions can be traced back to the individual users who performed them. Accountability helps deter malicious activities, aids in incident response and forensic analysis, and ensures that users follow policies and procedures.
- Accountability of Governance This principle emphasizes that those in governing roles bear responsibility for the decisions and actions within their purview. In the context of a system or network, it means that management is responsible for the establishment, implementation, and effectiveness of security policies and procedures. This accountability ensures that governance roles prioritize system integrity, data protection, and adherence to regulatory standards.
- Accountable Party The individual or entity that is ultimately responsible for ensuring that activities involving sensitive information, security processes, or risk management practices are carried out properly and in line with organizational policies and standards. The accountable party is answerable for the outcomes of the decisions made, including the implementation of controls and mitigation of risks, and is typically a senior executive or manager who has the authority to commit resources and enforce actions. This role involves oversight and governance and is distinct from the roles of individuals who may be responsible for performing the day-to-day tasks associated with these activities.
- Account access review The process of regularly reviewing and assessing the access granted to user accounts on a system or network. It is used to ensure that access is appropriate and in line with the user's current roles and responsibilities and to identify and remove any unnecessary or unused access. Examples of account access reviews include reviewing access to shared resources, such as files and databases, and assessing the need for access to specific applications or systems.
- Account Lockout A security measure that automatically locks an account after a certain number of failed login attempts. It is used to prevent unauthorized access to an account and is commonly found in password policies. Examples: a user tries to log in to their email account and enters the wrong password 5 times, causing the account to be locked; an employee attempts to access a secure database but forgets their password, resulting in their account being locked after 3 failed attempts.
- Account management The process of creating, maintaining, and managing user accounts on a system or network. It is used to ensure that only authorized users have access to the system and that access is granted and revoked in a controlled and secure manner. Examples of account management include setting up new user accounts, modifying existing accounts, and disabling accounts when necessary.
- Account Policy Enforcement The implementation and enforcement of rules and procedures that govern how user accounts are managed within a system. This includes policies on password complexity, account lockouts, session timeouts, and user access rights. Enforcing account policies helps maintain system security, protect user data, prevent unauthorized access, and ensure regulatory compliance.
- Accreditation The official recognition that a system, product, or individual meets specified requirements or standards. For a system or product, this might involve a thorough assessment of its security features, performance, and reliability. For an individual, it could mean they have demonstrated a certain level of expertise or competence. Accreditation enhances trustworthiness, promotes quality and consistency, and provides a benchmark for comparison.
- Accreditation of IT Systems The formal approval process that a system undergoes to verify that it adheres to a set of predefined standards or guidelines, often related to security, functionality, and reliability. During accreditation, various aspects, such as design, implementation, and operating procedures, are evaluated to ensure compliance. This process enhances confidence in the system's capabilities and its adherence to necessary norms while also identifying areas of potential improvement.
- Accrediting Authority An entity, often a recognized body or organization, which has the power to grant accreditation to systems, products, or individuals. The authority conducts or oversees assessments to verify compliance with specified requirements or standards. Their role is crucial in maintaining standards of quality, performance, and security, and their endorsement serves as a mark of trust and reliability.