in 1985, the federal government published the first set of computer security criteria that computer professionals could understand and integrate into systems.

"A trusted computer system must provide authorized personnel with the ability to audit any action that can potentially cause access to, generation of, or effect the release of classified or sensitive information. The audit data will be selectively acquired based on the auditing needs of a particular installation and/or application. However, there must be sufficient granularity in the audit data to support tracing the auditable events to a specific individual (or process) who has taken the actions or on whose behalf the actions were taken."

As your reply states, it is very apparent that "security researchers" have auditory issues.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/32074#32074