@inproceedings{Thomborson06Governance,
  author = {Clark Thomborson and Matt Barrett},
  title = {Governance of Trusted Computing},
  booktitle = {IT Audit - Strategic Measures for Performance, Value &
    Quality: Creating Business Value from Your ICT Risk (Proceedings
    of ITG'06)},
  publisher = {Auckland University of Technology, brian.cusack@aut.ac.nz}, 
  isbn = {1-877314-60-9},
  editor = {Brian Cusack},
  pages = {15-26},
  year = 2006,
  cache = {thomborson06governance.pdf},

  abstract = {Trusted computing systems offer great promise in
corporate and governmental applications. Their uptake has been very
slow outside of the national security agencies for which they were
developed, in part because they have been difficult and expensive to
configure and use.  Recent designs are easier to use, but some
compliance and governance issues are unresolved.  Our analysis
suggests that cryptographic systems, in order to be trustworthy in
corporate environments, must support an audit of their most important
operations. At minimum the audit record must reveal the number of keys
that have been generated, as well as the creation times and
authorities of these keys. This record of cryptographic activity must
be tamper-evident, and must be open to inspection by the IT staff of
the corporate owners as well as by their independent auditors.}

}