Educause Security Discussion mailing list archives
Re: User Login ID's
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 17 Dec 2009 12:17:07 -0500
On Thu, 17 Dec 2009 11:06:06 CST, "McCrary, Barbara" said:
Is it appropriate, secure, standard for administrators to maintain a list for tracking user id's for an application or system?
That will depend entirely on the exact nature of the app/system, the users involved, other compensating controls, and the threat model you're worried about. Your auditors will have a cow if you don't have *some* way of tracking who has access to a resource. However, the details of the method quickly become one of those great big "It Depends" in our industry...
Attachment:
_bin
Description:
Current thread:
- User Login ID's McCrary, Barbara (Dec 17)
- <Possible follow-ups>
- Re: User Login ID's Valdis Kletnieks (Dec 17)