Re: DB2/400 logging of read only access

Mike Cunningham wrote:

This is just a hypothetical situation but say you worked at a bank
where you had 500,000 records in a file with credit card numbers and
bank account numbers (all encrypted of course). And you get a report
that your information had been discovered in the hands of a identity
theft villain. You go looking around and object auditing shows that
someone who you fired last month (worked for ITS and job duties
required all object access) had accessed this file a few hours before
they were fired and they had no reason to be using the file at all.
If that is all you know you might need to assume that all 1,000,000
records were accessed and you need to contact 500,000 customers about
the problem. Actually this person only accessed 100 records (was not
being greedy). The only way you could know this is by having a read
trigger and doing your own logging.

But of course if the user had *ALLOBJ authority, then they would have been able to /see/ that the read trigger existed, and thus have removed or disabled the trigger before choosing what rows to copy; thus back to the same 1M notification requirement. Additionally, unless the user had a /need to know/, they should never have had any direct access to the decryption capability, so without overcoming even further hurdles, they likely would have gained access only to the encrypted version of the data; not to imply as such, but that alone may have removed or reduced reporting requirements, depending on statutes, etc.

Regards, Chuck