[cap-talk] Horton vs. ACLs - private namespaces and the AuditProblem
Karp, Alan H
alan.karp at hp.com
Wed Oct 10 12:35:34 EDT 2007
MarkM wrote:
>
> Without asking us to wade through the text of these, can you provide
> us with any insight about how this could possibly be the case? How
> would one write an automated compliance predicate that could give a
> meaningful answer from such a low level trace of human-meaningless
> data? If the regulation is simply: "thou shall record oodles of
> stuff", then I can see it. Otherwise, I can't imagine a compliance
> test that could be answered from these logs.
>
Did Alan Karp access the file containing the upcoming quarterly results
during the quiet period in which he traded HP stock? While a response
of "no" is inconclusive, a "yes" lands Alan in a world of hurt.
Depending on what gets logged, you might only be able to ask if Alan had
permission to access the file. In this world, that makes Alan an
insider and is enough to get him in trouble.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
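
The compliance question in the reply above, written as a predicate over audit records. This is an added example, not part of the original message; the record layouts, names, dates and verdict labels are all constructed assumptions.

```python
from datetime import datetime as dt

# Constructed sample records (assumed layouts, not from any real system).
QUIET = (dt(2007, 10, 1), dt(2007, 11, 15))            # quiet period (start, end)
TRADES = [("alan", dt(2007, 10, 9, 14, 0)),            # (principal, time of trade)
          ("bob", dt(2007, 10, 12, 10, 0))]
ACCESS_LOG = [                                         # (principal, object, time)
    ("alan", "q4-results.xls", dt(2007, 10, 8, 9, 30)),
    ("bob", "q4-results.xls", dt(2007, 9, 20, 11, 0)),
]
GRANTS = [                                             # (principal, object, granted, revoked)
    ("alan", "q4-results.xls", dt(2007, 9, 1), None),
    ("bob", "q4-results.xls", dt(2007, 9, 1), dt(2007, 9, 30)),
    ("carol", "q4-results.xls", dt(2007, 9, 1), None),
]

def in_quiet(t, quiet):
    return quiet[0] <= t <= quiet[1]

def traded_in_quiet(who, trades, quiet):
    return any(p == who and in_quiet(t, quiet) for p, t in trades)

def accessed_in_quiet(who, obj, access_log, quiet):
    return any(p == who and o == obj and in_quiet(t, quiet)
               for p, o, t in access_log)

def permitted_in_quiet(who, obj, grants, quiet):
    # A grant counts if its validity interval overlaps the quiet period.
    return any(p == who and o == obj and g <= quiet[1]
               and (r is None or r >= quiet[0])
               for p, o, g, r in grants)

def compliance(who, obj, trades, quiet, access_log=None, grants=None):
    """Pass access_log=None when only permissions are recorded."""
    if not traded_in_quiet(who, trades, quiet):
        return "no-trade"
    if access_log is not None and accessed_in_quiet(who, obj, access_log, quiet):
        return "yes"            # recorded access during the quiet period
    if grants is not None and permitted_in_quiet(who, obj, grants, quiet):
        return "insider"        # held permission; no access record needed
    return "inconclusive"       # absence of a record proves nothing

if __name__ == "__main__":
    for who in ("alan", "bob", "carol"):
        print(who, compliance(who, "q4-results.xls", TRADES, QUIET,
                              ACCESS_LOG, GRANTS))
```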