I was trying to get the provenance of the word 'access' in this case. Based upon many questions over the years from auditors and management who do not understand what 'access' means, they assign their own meaning and infer capabilities that 'access' provides them.
Many times I have faced 'findings' that called the login prompt an access that places the crown jewels at risk. Again, with standard practices, no data or applications are at risk. I had to defend my right ask for Userid: much less a password or any other authentication information. I remain curious about 'who' is questioning the nature of OSA-ICC access. Are these the same people who decided to outsource to someone that suddenly they do not fully trust? I am also curious about 'Why' they are asking, and 'What' answers would cause them to have changes made. Surprising attitude changes happen when you ask these questions and find out the underlying assumptions that led them to ask the question. Find the assumed 'givens' and the world looks different. Reporter: "Given that we hate you and distrust anything you say, what are you going to do to solve homelessness?" Reporter: "When did you stop beating your wife?" Assumes facts not in evidence. Assumptions Kill!!! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
