The readiness to have one’s actions, judgments, and failures to
act questioned by responsible others; to explain why deviations from the
reasonable expectations of responsible others may have occurred; and to respond
responsibly when errors in behavior or judgment have been detected.
Accountability, a critical component of professionalism, is closely related to
the principles of morality, ethics,
and legal obligations. In a computer sense, this term associates computer users
with their actions while online.
In recent times, corporate accounting scandals at Enron,
WorldCom, and Nortel have resulted in corporate leaders’ being held accountable
for their misdeeds, with some serving time in prison. Alberta-born, one-time Telecom tycoon Bernard Ebbers, for
example, was found guilty on March 15, 2005, of conducting the largest
accounting fraud in U.S. history. His convictions on all nine counts and on the
$11 billion fraud carry a cumulative maximum jail time of 85 years. Ebbers’
case is a continuation of white-collar crime exposure that made media headlines
at the end of the 1990s when the high-tech bubble burst. The role of executive
and board accountability has since become a major business issue in this
millennium, with new laws being passed in the United States and elsewhere for
dealing with corporate accountability infractions. More recently, on May 25,
2006, the U.S. government Enron task force was praised publicly when guilty
verdicts were announced against former chair Kenneth Lay and former CEO Jeffrey
Skilling, the two top executives most accountable for the Enron corporation’s
collapse. Lay, convicted of 6 charges of conspiracy and securities and wire
fraud, faces a maximum of 165 years behind bars, while Skilling, convicted of
19 counts of conspiracy, securities fraud, lying to auditors, and insider
trading, faces a maximum sentence of 185 years behind bars.
Moreover, with the passage of the Sarbanes-Oxley Act of 2002
(SOX) in the United States, any breach in Information Technology security
represents a risk to the
information stored on company computers and could be viewed as a violation of
Section 404 of the Act—a major issue pertaining to accountability. In short,
Section 404 requires corporate leaders and third-party auditors to
certify the effectiveness of internal controls put in place to protect the integrity of financial
reports—processes as well as technologies. In other words, a corporate leader’s
lack of control over Information Technology (IT) security
might reasonably imply a lack of control over the organization’s financial
reports, a violation of Section 404 of the Act. The Chief Executive Officer
(CEO) or the Chief Information Officer (CIO) could, indeed, be held accountable
for a breach of the Act.
As a result of the importance of corporate accountability
with regard to SOX compliance, security information management (SIM) solutions
are an emerging product group that will enable CEOs and CIOs to comply with the
conditions defined in the Sarbanes-Oxley Act by providing rapid detection of
threats to the system, management of those threats, and containment. Real-time
security monitoring and correlation solutions are a key means for
companies to comply. Moreover, if challenged in court with violating provisions of
the Act, CEOs and CIOs using SIM solutions will be able to provide reporting
and complete logging of incidents to show that security policies not only were
in place but also were being followed correctly and in a consistent, compliant,
A typical SIM system collects logfiles
and incident data from a number of network and server sources; correlates these
incidents in real time to identify potential threats before they materialize
into real threats; prioritizes threats based on risk weightings, target vulnerabilities, and other key
variables; maintains a data set of known threats and vulnerabilities;
and allows for automated as well as guided operator system actions to help the
company provide for a reliable and consistent set of incident responses.
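The collect, correlate, and prioritize steps described above, sketched as an added example (not code from the original entry or from any SIM product). The events, weights, host names, and five-minute correlation window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, log source, origin, target, event type).
EVENTS = [
    ("2005-03-01T10:00:05", "firewall", "203.0.113.7", "db01", "port_scan"),
    ("2005-03-01T10:00:40", "sshd", "203.0.113.7", "db01", "auth_failure"),
    ("2005-03-01T10:01:10", "sshd", "203.0.113.7", "db01", "auth_failure"),
    ("2005-03-01T10:01:30", "ids", "203.0.113.7", "db01", "exploit_signature"),
    ("2005-03-01T10:02:00", "sshd", "198.51.100.9", "web01", "auth_failure"),
    ("2005-03-01T11:30:00", "firewall", "198.51.100.9", "web01", "port_scan"),
]
# Assumed risk weightings; a real deployment would tune these per policy.
EVENT_WEIGHT = {"port_scan": 1, "auth_failure": 2, "exploit_signature": 5}
ASSET_WEIGHT = {"db01": 3, "web01": 1}   # db01 assumed to hold financial data
KNOWN_VULNERABLE = {"db01"}              # assumed known-vulnerability data set
WINDOW = timedelta(minutes=5)

def correlate(events, window=WINDOW):
    """Group events per (origin, target); start a new incident after a long gap."""
    by_pair = defaultdict(list)
    for ts, source, origin, target, kind in sorted(events):
        by_pair[(origin, target)].append((datetime.fromisoformat(ts), source, kind))
    incidents = []
    for (origin, target), rows in by_pair.items():
        current = [rows[0]]
        for row in rows[1:]:
            if row[0] - current[-1][0] > window:
                incidents.append((origin, target, current))
                current = []
            current.append(row)
        incidents.append((origin, target, current))
    return incidents

def prioritize(incidents):
    """Score each incident and return report entries, highest risk first."""
    report = []
    for origin, target, rows in incidents:
        score = sum(EVENT_WEIGHT[kind] for _, _, kind in rows) * ASSET_WEIGHT[target]
        if target in KNOWN_VULNERABLE:   # a vulnerable target doubles the risk
            score *= 2
        sources = sorted({source for _, source, _ in rows})
        report.append({"origin": origin, "target": target, "score": score,
                       "sources": sources, "first_seen": rows[0][0].isoformat()})
    return sorted(report, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for entry in prioritize(correlate(EVENTS)):
        print(entry)
```

The sorted report doubles as the incident log the entry mentions: each entry records which sources corroborated the incident and when it was first seen.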
Ethic, White Hat Hacker; Integrity; Logfiles; Risk; Security; Telecom;
Vulnerabilities of Computers.