Understand The Importance Of The Three Main Areas Of Accountability

642 Words3 Pages

It is essential that non-technical managers fully understand the importance of the three main areas of accountability, with regards to their company’s information security. Gelbstein (2013, p.27) points out that one of the difficulties with this is that a company’s management is usually in different organizational structures, and do not always get to talk to one another. The three main areas of accountability that I will discuss further are data related, systems related, and people related. Each area is an important element needed to defend companies’ data against unauthorized access, disclosure, use, deletion, etc. It used to be easier for management to keep paper data locked away in a room, with only select employees having access to it. However, with technology advancement, came the added strain of needing to secure anything stored on a computer hooked up to the Internet, or with cloud storage. Accountability helps with identifying any operations that individuals or systems have carried out, and guarantees the operations will be traced.

Data Related Area …show more content…

As much as it sounds ideal to prevent all employees from accessing all data, it is unrealistic because (especially in large organizations) assigning individual access rights would be too time-consuming and difficult. Also, claiming complete transparency is not a very sound idea, as there is plenty of data that should be kept private, and not made for public eyes. An example of keeping data classified would be a Geico insurance agent stationed at one location, accessing data at another Geico location; there is simply no reason why they should be able to access more peoples’ data than that of their own clients; governance should be in place to be sure that integrity is always assured and the right permissions are used, which aptly leads me onto the next area to

More about Understand The Importance Of The Three Main Areas Of Accountability