Yes, you and I have to watch. Technically it is correct that more detailed audit trails etc. will not provide information of misuse of (authorisation to) data.
Many times there is circumstantial evidence which proove someone is out of line. One method is a variant on the honeypot. Use, when subscribing to a network service, a unique name. E.g. if you subscribe to the Washinton Post use the name:"Beaukey W.P. Lastname" en note the time/date and circumstance of the subscription. You'll be suprised that this name can (and will) pop-up in a different context!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/318/31433#31433