The information owner is accountable for authorizing information system access to internal users. The information owner has the responsibility for ensuring that appropriate access controls are in place, and they authorize who can access specific information based on its sensitivity and importance to the organization. This ensures that only authorized individuals have access to the data they need to perform their duties.