T 3.17 Incorrect change of PC users

If several users work on one PC, it may happen that the previous user does not log off and the new user does not log on correctly as a result of negligence or convenience. Those concerned usually justify this by stating that the time required for a restart of the IT system is too long and not considered to be acceptable.

However, this incorrect behaviour leads to a situation whereby the logging of all user log-on and user log-off procedures and therefore also accountability will (partially) fail. The logs no longer provide reliable information as to who used the computer at a certain time.

Examples:

• A PC is alternately used by three users in order to calculate travelling expenses. After the first user has carried out the log-on procedure, the change in user is then no longer correctly registered as the log-on/off procedures are not carried out for reasons of convenience.
• Because of irregularities, checks are made as to who carried out which transactions on the computer. According to the logs only one user worked on the PC; the perpetrator can not be identified and the user who logged on correctly is held responsible.