Mark Dixon at Discovering Identity writes about a question he is being asked about user access attestation. Are his ideas a significant part of user access attestation or only a peripheral concern? Link: http://goo.gl/uFh1F
[b]Who Used those Access Rights, How? Discovering Identity[/b] discoveringidentity.com
A natural question in an Identity Audits is, “Who has access to what?” and “Who granted those access rights, when?” But should a new question be asked? – “Who used those access rights, how?