- From: Prafullchandra, Hemma <hprafullchandra@verisign.com>
- Date: Thu, 25 Jul 2002 13:29:05 -0700
- To: www-ws-arch@w3.org
From a service provider perspective, this is also important in that the rules & procedures by which it claims to operate can be said to be within compliance by external auditors on a regular basis, by analyzing these audit logs. So there is - malicious activity by internal or external individual - malicious play by a company as a whole - the ability to gather "un-modified" evidence to substantiate or negate any accusations. Hemma -----Original Message----- From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] [snip] IMHO, the major benefit of a secure audit trail is deterrence against abuse of authority. For example, in any system, somebody has to be empowered to create user accounts, alter access rights and so on. However, if it is known for a certainty that when the effects of unauthorized actions by authorized users is discovered, it will be possible to determine who is responsible, this will tend to deter insiders from abuse. Its like the cameras in the ceiling in gambling casinos. The other side of the coin is that it can clear the innocent from suspicion. Hal
Received on Thursday, 25 July 2002 16:28:32 UTC