When you are setting up your audit standards, be sure to double-check, preferably with the vendor, the correct way to terminate a user in their application in order to maintain the integrity of the audit log. Then, train your staff, who have probably developed their own system and have been doing it their "preferred" way for years. We found two applications, by the same vendor, handle audit logs in very different ways. On one app, if you "remove" the user ID when the user terminates or has a name change, you are still able to run audit logs. On the other app, removal of a UserID corrupts the database and destroys the integrity of the log. "Disabling" the UserID on the second system is the correct methodology.
This may sound elementary, but when you have decentralized (departmental) systems, the system analysts, many of whom earned the job just by being the best on the system, may not have much IT training. The lessons we learn!

Mimi