[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SAGE] Re: sage-members-digest V2 #1617

To: sage-members@usenix.org
Subject: [SAGE] Re: sage-members-digest V2 #1617
From: Andrew Hume <andrew@research.att.com>
Date: Fri, 1 Oct 2004 15:14:29 -0400
Cc: Andrew Hume <andrew@research.att.com>
In-Reply-To: <200410011808.i91I8DgM013489@voyager.usenix.org>
References: <200410011808.i91I8DgM013489@voyager.usenix.org>
Sender: owner-sage-members@usenix.org

regarding sudosh, SOx, and syslog,

	there seems to be a wide range of opinion on what SOx is.
while i am neither a lawyer nor an accountant, and i certainly do not
speak for AT&T, my work in this area leads to observe a couple of 
points:

1) satisfying SOx for nearly all people is like doing ISO 9000;
all you have to do is that when you produce a (financial) result,
you should have a documented plausible procedure for doing so,
and some proof that that procedure was followed.
it seems clear to me that sudosh and syslog would satisfy that UNLESS
syslog in your installation was especially error-prone.

2) the more stringent methods alluded to by other comments seem
to me to be aimed at more exacting requirements, akin to those
testifying in court. and no, syslog will not cut it for that situation.

----
Andrew Hume  (best -> Telework) +1 732-886-1886
andrew@research.att.com  (Work) +1 973-360-8651
AT&T Labs - Research; member of USENIX and SAGE

Prev by Date: Re: [SAGE] Re: Official sudosh announcement
Next by Date: Re: [SAGE] Re: Official sudosh announcement
Prev by thread: [SAGE] How did that "-m" get there?
Next by thread: [SAGE] Linux Script Source Code
Index(es):
- Date
- Thread