The Two Person Policy

This week in my network security class, we covered ways to apply administrative countermeasures to security threats. One way that I found to be the cheapest and most reasonable was the separation of duties. This way of doing business has multiple benefits.

First, separation of duties can lessen the possibility of fraud. According to our text, CISSP Guide to Security Essentials by Peter H. Gregory, when a task requires two or more people, the chances of cooperating are reduced.

Inappropriate actions are less likely to be carried out because someone is there to halt the incorrect act. If the other person sees a reason the task should not be performed, the task can also be stopped.

The addition of a user account should be controlled by more than one person to prevent unauthorized or unnecessary access to a network or system. The individual requesting access should be required to submit a formal request to that person's supervisor. In turn, that person's supervisor should be able to vouch for that person and forward the request to the security manager. The security manager should verify that the person has a valid need to know and the appropriate access. The security manager can then forward the request to the IT department.
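The approval chain described above can be enforced in software rather than left to habit. The following is an added example, not code from the textbook or the original post: it assumes three ordered stages (supervisor, security manager, IT department) and adds the rule that no person may act twice on the same request; all names and role assignments are constructed.

```python
from dataclasses import dataclass, field

# Stages in the order the post gives; the stage names are this example's labels.
STAGES = ("supervisor", "security_manager", "it_department")

# Constructed role assignments (hypothetical people).
ROLES = {"security_manager": {"sam"}, "it_department": {"ivy", "dana"}}


class PolicyViolation(Exception):
    """A step that would break the approval chain."""


@dataclass
class AccessRequest:
    requester: str
    supervisor: str  # the requester's own supervisor, e.g. from HR records
    approvals: list = field(default_factory=list)  # [(stage, person), ...]

    def sign_off(self, stage, person):
        if len(self.approvals) == len(STAGES):
            raise PolicyViolation("request already completed")
        expected = STAGES[len(self.approvals)]
        if stage != expected:
            raise PolicyViolation(f"out of order: expected {expected}")
        if person == self.requester:
            raise PolicyViolation("requester cannot act on own request")
        if any(person == p for _, p in self.approvals):
            raise PolicyViolation(f"{person} already acted on this request")
        if stage == "supervisor":
            if person != self.supervisor:
                raise PolicyViolation(f"{person} is not the requester's supervisor")
        elif person not in ROLES[stage]:
            raise PolicyViolation(f"{person} does not hold {stage}")
        self.approvals.append((stage, person))

    @property
    def provisionable(self):
        # The account may be created only after every stage has signed off.
        return len(self.approvals) == len(STAGES)


def run_chain(request, steps):
    """Apply (stage, person) steps; return 'provisionable', 'pending' or the violation."""
    try:
        for stage, person in steps:
            request.sign_off(stage, person)
    except PolicyViolation as exc:
        return f"denied: {exc}"
    return "provisionable" if request.provisionable else "pending"
```

The case worth noting is an IT staff member requesting their own account: the chain denies it even though that person legitimately holds the final role.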

Using more than one person for sensitive processes helps reduce errors and can detect inappropriate requests for access. In addition, having layers in the approval process may be the last line of defense against a network attack.