On 5/12/14 8:49 PM, Vernon Hamberg wrote:
It is definitely proactive.
Not if there is nothing to PREVENT a rogue administrator from giving himself or herself, or some "strawman" user, the authority in question. Not "log it for the auditors if it happens," not even "alert the auditors immediately if it happens"; PREVENT.
Without active prevention, it still sounds to me like "security theatre." The same kind of "security theatre" that, in airline passenger screening, made the World Trade Center Atrocities possible.
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact