An Audit Logic for Accountability

Let’s look at a real CM scenario, explained to me by Patrick Taylor, CEO of Oversight Systems and a thought leader on CM. The CFO of one of Oversight’s clients, a $6 Billion technology company with global operations, was concerned about how he could ensure better controls over manual journal entries. He noticed an enormous area of risk and large expenditures for manual testing. When financial departments close the books, they book adjustments to various estimates, based on analysis, to account for non-systemic, often judgmental, reserves for such things as legal settlements. Furthermore, many times compensation is based on P&L results, making these manual journal entries even more sensitive. Since.

An Audit Logic for Accountability

Cederquist1, R. Corin1, Dekker1,2, S. Etalle1 and den Hartog1
1 Department of Computer Science, University of Twente, The Netherlands
cederquistj corin etalle hartogji @
2 Security Department, TNO ICT, The Netherlands

Abstract

We describe a policy language and implement its associated proof checking system. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.

1 Introduction

In many situations, there is a need to share data between potentially untrusted parties while ensuring the data is used according to given policies. This problem is addressed by two main research streams: on one hand, there is a large body of literature on access and usage control [8, 16, 11, 4]; on the other hand, we find digital rights management [18, 5]. While the former assumes a trusted access control service restricting data access, the latter assumes trusted devices in charge of content rendering.
Both settings need the trusted components to be available at the moment the request happens, to regulate the data access. However, there are scenarios, like the protection of private data, in which both access control and digital rights management fail, either because the necessary trusted components are not available or because they are controlled by agents we do not want to trust. For instance, P3P [17] and E-P3P, and also EPAL [3], are languages that allow one to specify policies for privacy protection; however, the user can only hope that the private data host follows them. In this paper, the process of regulating the data access is not assumed to be always performed by the same entity at the same .
