Job descriptions, employment agreements, and policy awareness acknowledgements increase accountability for security.  Management can communicate general and specific security roles and responsibilities for all employees within their job descriptions.  Management should expect all employees, officers, and contractors to comply with security and acceptable-use policies and protect the institution's assets, including information.  The job descriptions for security personnel should describe the systems and processes they will protect and the control processes for which they are responsible.  Management can take similar steps to ensure contractors and consultants understand their security responsibilities as well.