Jump to Navigation


Glossary beginning with A

Click one of the letters above to go to the page of all terms beginning with that letter.

Accountability for Cloud and Other Future Internet Services

Access Control

The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).

Access Control Policy

The set of rules that define the conditions under which an access may take place.

Accountability Attributes

Conceptual elements of accountability as used across different domains.

Accountability Evidence

Accountability Evidence as collection of data, metadata, routine information and formal operations performed on data and metadata which provide attributable and verifiable account of the fulfilment of relevant obligations with respect to the service and that can be used to support an argument shown to a third party about the validity of claims about the appropriate and effective functioning (or not) of an observable system.

Accountability Mechanisms

Diverse processes, non-technical mechanisms and tools that support accountability practices.

Accountability Model

Accountability attributes, practices and mechanisms.

Accountability Practices

Emergent behaviour characterising accountable organisations.

Accountability, Conceptual Definition

Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.

Accountability, for Data Stewardship in the Cloud Definition (A4CLOUD Definition)

Accountability for an organisation consists of accepting responsibility for data with which it is entrusted in a cloud environment, for its use of the data from the time it is collected until when the data is destroyed (including onward transfer to and from third parties). It involves the commitment to norms, explaining and demonstrating compliance to stakeholders and remedying any failure to act properly.

Accountability-based Approach

An accountability-based approach to data governance is characterised by its focus on setting privacy-protection goals for organisations based on criteria established in current public policy and on allowing organisations discretion in determining appropriate measures to reach those goals.

Accountable Organisation

An accountable organisation demonstrates commitment to accountability, implements data privacy policies linked to recognised outside criteria, and establishes performance mechanisms to ensure responsible decision-making about the management of data consistent with organisation policies.


The extent to which the technical and organisational measures used have the capability of contributing to accountability.


see Security Control Assessment


Any item that has value to the organisation.


Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.


The possibility to trace a given action back to a specific entity.


In case of a deviation from the expected behaviour (fault), an accountability system reveals which component is responsible (attribution).


Independent review and examination of records and activities to assess the adequacy of system controls and ensure compliance with established policies and operational procedures.

Audit Log

A chronological record of system activities. Includes records of system accesses and operations performed in a given period.

Audit Trail

A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.


The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.


A prescription that a particular behavior shall not be prevented.


The property of being accessible and usable upon demand by an authorized entity.