Security Basics mailing list archives

RE: Biometric Access logs


From: "Christian Campbell" <ccampbell () brueggers com>
Date: Tue, 3 Mar 2009 09:40:42 -0500

We faced an issue in the audit because of this, and the auditor insisted that
the review and analysis of the logs for the Biometric controlled area need to
be done.

What can be done in a scenario like this? Please give your comments.


Your auditor is not understanding the purpose of auditing and analysis.
There is no reason to know who jiggled the knob on your server room door;
they were denied access.  The purpose of auditing is to track who actually
accessed what you are trying to protect. 

If your auditor really wants to know, you'd have to register EVERY
fingerprint of EVERY employee in the company. But that only covers
employees.  

If I'm able to gain access to your building (and I'm not an employee),
decide to be stupid enough to put my finger on the lock, and am denied
access, it will still show a denied access for an unknown person.  In that
scenario, your auditor isn't getting the information they are requesting.
To get them that information would require registering EVERY PERSON in the
world... which could be time consuming.  ;)


Christian


Christian Campbell
Systems Engineer
 
Bruegger's Enterprises Inc.
Desk: 802-652-9270
Cell: 802-734-5023
Fax: 802-660-4034 
Email: ccampbell at brueggers dot com
 
PGP Public Key available via PGP keyservers or
http://www2.brueggers.com/pgp/ccampbell.html
 
"Computer Science is no more about computers 
than astronomy is about telescopes."
--E. Dijkstra
