- Path: sparky!uunet!timbuk.cray.com!raistlin!uc.msc.edu!noc.msc.net!news.gac.edu!msus1.msus.edu!stafford.winona.msus.edu!user
- Newsgroups: comp.os.vms
- Subject: Re: SYSUAF.DAT access - the real world
- Message-ID: <Stafford-220193104203@stafford.winona.msus.edu>
- From: Stafford@Vax2.Winona.MSUS.EDU (John Stafford)
- Date: 22 Jan 93 10:48:56 -0600
- Followup-To: comp.os.vms
- References: <9301202243.AA01736@uu3.psi.com>
- Distribution: world
- Organization: MSUS
- Nntp-Posting-Host: stafford.winona.msus.edu
- Lines: 26
-
- In article <9301202243.AA01736@uu3.psi.com>, leichter@lrw.com (Jerry
- Leichter) wrote:
- >
- > [...]
- >
- > It is perfectly legitimate for the comptroller of a corporation to wish to be
- > in a position to audit use of a corporate resource. It is unacceptable if the
- > only way to audit usage of a resource is through the direct intervention of a
- > person in a perfect position to misuse the resource. If you have to ask the
- > system manager to prepare reports on system usage, and he is the one who is
- > stealing, what do you think the chances are that the reports will give him
- > away?
-
- Sorry, Jerry, but standard accounting practices insist upon OUTSIDE
- audits which obviate the problem of trusting the person who manages
- the technical side of the accounting system. A good auditor will
- insist that the comptroller NOT HAVE privileged access to the means
- to cheat by having special access to the underlying mechanisms
- such as privileges or the opportunity to modify critical data
- structures (in the database.) The latter is hardest to control under
- some systems.
-
- Besides, the site in question was a military site and they should
- have some rather strident security practices of their own. I could
- be mistaken -- perhaps this is just another little Vax of little
- consequence -- and not networked.
-