At 05:41 PM 9/08/2013, Robert Brockway wrote:

> > It is quite possible and relatively easy to arrange access such that
> > sysadmins can't see or copy data and people who can see and change data
> > can't do things to the system.
>
> I don't agree that it is easy at all. Siloing can be used to restrict
> access but it tends to be an expensive and cumbersome approach - so much
> so that most organisations don't use it at all, even many that should

Last week, I asked in a meeting of a government agency, that shall remain nameless to protect the ignorant, if they do cross checking of their access logs against self-access reports where the accessor is to note down the purpose of the access. We're talking some rather sensitive data here, too. You would have thought I was speaking Greek.

They couldn't see that it wasn't enough to look at a single data track and get any sense out of it. They didn't realise that people lie or omit to tell the truth. They are inviting someone from audit to the next meeting.

So even if the org. has this information, they don't understand how to use it. I'm talking the top operations executive here. They don't even know the questions to ask.

Jan

Melbourne, Victoria, Australia
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
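
The cross-check described in the message above, as an added example that is not part of the original post: system access logs are reconciled against the accessors' self-declared purpose reports so that gaps on either track stand out. The record layout, user names, record IDs and the one-hour matching window are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field layout and names are assumptions.
ACCESS_LOG = [  # what the system recorded: (user, record_id, time)
    ("asmith", "R-1001", "2013-08-05 09:12"),
    ("asmith", "R-1002", "2013-08-05 09:40"),
    ("bjones", "R-1001", "2013-08-05 14:03"),
    ("bjones", "R-2040", "2013-08-06 22:51"),
]
SELF_REPORTS = [  # what the accessor wrote down: (user, record_id, time, purpose)
    ("asmith", "R-1001", "2013-08-05 09:15", "client enquiry"),
    ("asmith", "R-1002", "2013-08-05 09:45", ""),
    ("bjones", "R-1001", "2013-08-05 14:00", "case review"),
    ("bjones", "R-3000", "2013-08-06 10:00", "case review"),
]
WINDOW = timedelta(hours=1)  # assumed tolerance between an access and its report


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def reconcile(access_log, self_reports, window=WINDOW):
    """Return (undeclared, no_purpose, unmatched_reports)."""
    reports = defaultdict(list)
    for user, rec, when, purpose in self_reports:
        # Each entry: [report time, purpose text, already matched?]
        reports[(user, rec)].append([_ts(when), purpose.strip(), False])
    undeclared, no_purpose = [], []
    for user, rec, when in access_log:
        t = _ts(when)
        match = next((r for r in reports[(user, rec)]
                      if not r[2] and abs(r[0] - t) <= window), None)
        if match is None:  # logged access nobody declared
            undeclared.append((user, rec, when))
            continue
        match[2] = True
        if not match[1]:  # declared, but no purpose given
            no_purpose.append((user, rec, when))
    # Reports that match no logged access: a logging gap or a false report.
    unmatched = [(u, rec) for (u, rec), rs in reports.items()
                 for r in rs if not r[2]]
    return undeclared, no_purpose, unmatched


if __name__ == "__main__":
    labels = ("undeclared access", "report without purpose",
              "report with no logged access")
    for label, rows in zip(labels, reconcile(ACCESS_LOG, SELF_REPORTS)):
        print(label, rows)
```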
