UnixTime

Research Note

EXAM-005 - Responsibility vs Accountability

Roles and responsibilities must be defined, communicated, accepted, and kept current. Managers remain accountable for ensuring security requirements are followed in their area.

On this page

Exam focus

Responsibility can be assigned or delegated; accountability is the ownership of the outcome.

Topic Summary

Roles and responsibilities must be defined, communicated, accepted, and kept current. Managers remain accountable for ensuring security requirements are followed in their area.

Key Concepts

  • Responsibility: assigned duty or task.
  • Accountability: ownership of results and consequences.
  • Delegation does not automatically remove accountability.
  • RACI helps clarify who is responsible, accountable, consulted, and informed.

Common Exam Traps

  • Saying “everyone is responsible” is enough.
  • Assuming the security team owns all security outcomes.
  • Confusing role assignment with proof of operation.
  • Iso27001
  • Exam

Note Metadata

Source: 09-Exam-Preparation/EXAM-005-Responsibility-vs-Accountability.md