220.127.116.11 Separation of Duties
Separation of duties involves the use of multiple personnel to perform the different steps involved in a job activity. Sensitive operations operate with what is called dual control. This means two people are tasked to a job, often with one given the responsibility of doing something, and the other given the responsibility of signing off on it. For example, a bank teller informs a supervisor of a transaction, and the supervisor initials that they reviewed the transaction. The assumption is that with an additional person involved, collusion is required to engage in an inappropriate activity. It was Ben Franklin who said, Two people can keep a secret if one of them is dead.
Specific separation of duties is part of a security policy. A typical procedure would be to have different employees for accounts payable and accounts receivables. For specific examples click on the footnote432.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.