IT Baseline Protection Manual T 3.17 Incorrect change of PC users


If several users work on a single PC, it may happen that, out of negligence or convenience, the previous user does not log off and the new user does not log on correctly. Those concerned mostly justify this by stating that the time required to restart the IT system is too long and not acceptable.

However, this incorrect behaviour means that the auditing of all user log-on and log-off procedures, and with it accountability, will (partially) fail. The audit data no longer provide reliable information as to who used the computer at a certain time.

Example:

A PC is used alternately by three users to calculate travelling expenses. After the first user has carried out the log-on procedure, changes of user are no longer correctly registered, because the log-on/log-off procedures are not carried out for reasons of convenience.

Because of irregularities, checks are made as to who carried out which transactions on the computer. According to the audit data, only one user worked on the PC. The perpetrator cannot be identified, and the user who logged on correctly is made responsible.


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 