[LINK] No more human sysadmins??
Jan Whitaker
jwhit at melbpc.org.au
Fri Aug 9 18:46:22 AEST 2013
At 05:41 PM 9/08/2013, Robert Brockway wrote:
> > It is quite possible and relatively easy to arrange access such that
> > sysadmins can't see or copy data and people who can see and change data
> > can't do things to the system.
>
>I don't agree that it is easy at all. Siloing can be used to restrict
>access but it tends to be an expensive and cumbersome approach - so much
>so that most organisations don't use it at all, even many that should
Last week, I asked in a meeting of a government agency, that shall
remain nameless to protect the ignorant, if they do cross checking of
their access logs against self-access reports where the accessor is
to note down the purpose of the access. We're talking some rather
sensitive data here, too. You would have thought I was speaking
Greek. They couldn't see that it wasn't enough to look at a single
data track and get any sense out of it. They didn't realise that
people lie or omit to tell the truth. They are inviting someone from
audit to the next meeting.
So even if the org. has this information, they don't understand how
to use it. I'm talking the top operations executive here. They don't
even know the questions to ask.
Jan
Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com
Our truest response to the irrationality of the world is to paint or
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
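The cross-check described in the message above, sketched as an added example that is not part of the original post: each access-log entry is matched against a self-access report by the same user for the same record, and anything that fails to line up is listed for review. The field layout, the one-hour matching window, and all sample rows are constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data, not from any real system.
# System access log: (user, record_id, timestamp)
ACCESS_LOG = [
    ("asmith", "REC-1001", "2013-08-05 09:14"),
    ("asmith", "REC-1002", "2013-08-05 09:40"),
    ("bjones", "REC-1001", "2013-08-05 22:03"),
    ("bjones", "REC-2040", "2013-08-06 11:30"),
]
# Self-access reports: (user, record_id, timestamp, stated purpose)
SELF_REPORTS = [
    ("asmith", "REC-1001", "2013-08-05 09:20", "client enquiry"),
    ("bjones", "REC-2040", "2013-08-06 11:45", ""),
    ("asmith", "REC-3000", "2013-08-05 10:00", "case review"),
]

def reconcile(access_log, self_reports, window=timedelta(hours=1)):
    """Return (unreported accesses, accesses with blank purpose, orphan reports)."""
    reports = [(u, r, datetime.strptime(t, FMT), p.strip())
               for u, r, t, p in self_reports]
    used = set()                      # each report may explain one access only
    unreported, blank = [], []
    for user, rec, ts in access_log:
        when = datetime.strptime(ts, FMT)
        match = next((i for i, (u, r, t, _) in enumerate(reports)
                      if i not in used and (u, r) == (user, rec)
                      and abs(t - when) <= window), None)
        if match is None:
            unreported.append((user, rec, ts))    # logged, never declared
        else:
            used.add(match)
            if not reports[match][3]:
                blank.append((user, rec, ts))     # declared, no purpose given
    # Reports with no matching log entry: wrong record noted, or a logging gap.
    orphans = [(u, r, t.strftime(FMT))
               for i, (u, r, t, _) in enumerate(reports) if i not in used]
    return unreported, blank, orphans

if __name__ == "__main__":
    for label, rows in zip(("unreported", "blank purpose", "orphan report"),
                           reconcile(ACCESS_LOG, SELF_REPORTS)):
        for row in rows:
            print(label, *row)
```

Neither source is treated as authoritative: an access with no report and a report with no access are both findings, which is the reason for comparing the two tracks rather than reading one alone.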