Discussion about this post

User's avatar
Dr Sam Illingworth's avatar

Thanks Erich for another excellent post. Thanks also for highlighting the importance of auditing. This is something that also gets completely overlooked sometimes in qualitative research, but without that, basically, how can we have any reliability on the work that we've done? Thanks again for this insightful post.

Jack Fitzpatrick's avatar

AAA remains foundational. But AAA answers who can access a system, not whether a specific action should be allowed to execute.

An authenticated and authorized account can still encrypt data, exfiltrate records, or destroy business operations.

Accounting tells us who did it afterward.

The unanswered question is: what intervenes when a legitimate account starts doing the wrong thing in real time?

1 more comment...

No posts

Ready for more?