Title: Accountability in organisations

Authors: Richard W.C. Lui, Lucas C.K. Hui, S.M. Yiu

Addresses: Department of Computer Science, City University of Hong Kong, 83 Tat Chee Avenue, Hong Kong; Department of Computer Science, The University of Hong Kong, Pokfulam Road, Hong Kong; Department of Computer Science, The University of Hong Kong, Pokfulam Road, Hong Kong

Abstract: Accountability is an important requirement in computer and information security, but it is an ambiguous concept that is open to multiple interpretations. Most of the work on accountability in computer security research focuses only on the association between an action and the user who performed it. However, this is not sufficient for handling accountability in organisations (e.g., healthcare environments). In this paper, we clarify the meaning of accountability in organisations. We also propose a framework to support the variety of accountability requirements for different applications in different organisations.

Keywords: accountability; delegation; non-repudiation; information security; computer security; systems assurance.

DOI: 10.1504/IJICS.2007.013954

International Journal of Information and Computer Security, 2007 Vol.1 No.3, pp.237-255

Published online: 05 Jun 2007
