Enforceability vs. accountability in electronic policies

Abstract

Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance