From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering


Separation of duties


- [Instructor] Organizations implement separation of duties and two-person control policies to reduce the risk that a single individual can perform a harmful action. The separation of duties principle says that no single person should possess two permissions that, in combination, allow them to perform a sensitive operation all by themselves. Instead, those permissions should be separated and held by two different groups of people. Account reviews and audits should inspect permissions to ensure that separation of duties is properly enforced. Let's take a look at a couple of examples of separation of duties. One of the most common requirements for separation of duties comes in the world of accounting. Organizations normally separate the duties of creating new vendors in their accounting systems and authorizing payments to vendors. This separation prevents a single employee in the accounting department from creating a fake vendor…
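The permission review described in the transcript can be sketched as a small audit script. This is an added example, not material from the course; the role names, permission names and user assignments are constructed for illustration. It flags users who hold both halves of a conflicting pair, including the case where the pair is only reached by combining two individually harmless roles.

```python
"""Separation-of-duties review over role assignments (all names are constructed)."""

# Permission pairs that no single person may hold together (assumed policy).
CONFLICTS = [("vendor.create", "payment.authorize")]

# Constructed sample data: role -> permissions, user -> roles.
ROLE_PERMISSIONS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_approver": {"payment.authorize"},
    "ap_supervisor": {"vendor.create", "payment.authorize"},
    "auditor": {"ledger.read"},
}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_approver", "auditor"},
    "carol": {"ap_clerk", "ap_approver"},  # conflict only through the combination
    "dave": {"ap_supervisor"},             # conflict inside a single role
}

def effective_permissions(user, user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS):
    """Map each permission the user holds to the set of roles that grant it."""
    granted = {}
    for role in user_roles.get(user, ()):
        for perm in role_perms.get(role, ()):
            granted.setdefault(perm, set()).add(role)
    return granted

def find_violations(user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS,
                    conflicts=CONFLICTS):
    """Return {user: [(perm_a, perm_b, roles_involved), ...]} for each conflict held."""
    findings = {}
    for user in sorted(user_roles):
        granted = effective_permissions(user, user_roles, role_perms)
        for a, b in conflicts:
            if a in granted and b in granted:
                roles = sorted(granted[a] | granted[b])
                findings.setdefault(user, []).append((a, b, roles))
    return findings

def toxic_roles(role_perms=ROLE_PERMISSIONS, conflicts=CONFLICTS):
    """Roles that break separation of duties on their own, before any assignment."""
    return sorted(role for role, perms in role_perms.items()
                  if any(a in perms and b in perms for a, b in conflicts))

if __name__ == "__main__":
    for user, hits in find_violations().items():
        for a, b, roles in hits:
            print(f"{user}: holds {a} + {b} via {', '.join(roles)}")
    print("roles conflicting on their own:", toxic_roles())
```

Reporting the roles behind each finding shows the reviewer whether to remove an assignment (carol) or redesign the role itself (dave).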
