Re: so, shall we get started?

Teresa Lunt (tlunt@ARPA.MIL)
Tue, 23 Aug 1994 15:09:52 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jim Truitt: "Re: Re[2]: so, shall we get started?"
Previous message: Teresa Lunt: "Re: so, shall we get started?"
Maybe in reply to: *Hobbit*: "so, shall we get started?"
Next in thread: David Wiseman: "Re: so, shall we get started?"

Monitoring only for proscribed activities
means you can detect only those attacks you
know about or that show up at the level
of the audit trail (and many don't)

Before engagning in profile building the
organization has to get the full cooperation
of users, which means conveyingh to them the
value to THEM of detecting unauthorized use
of their accounts.

Also, in most corprate settings and many
or all govt settings, the computer facility
is only for official use.  Also, gathering
statistics, while allowing some understanding
of a user's behavior, does not mean reading
their email or contents of files.

Teresa Lunt

Next message: Jim Truitt: "Re: Re[2]: so, shall we get started?"
Previous message: Teresa Lunt: "Re: so, shall we get started?"
Maybe in reply to: *Hobbit*: "so, shall we get started?"
Next in thread: David Wiseman: "Re: so, shall we get started?"