RE: Segregation of duties trivia
- From: "David Gillett" <gillettdavid@xxxxxxxx>
- Date: Tue, 14 Nov 2006 13:00:35 -0800
I'd recommend against giving these other roles the access to
live data (DBA) or security configurations (Sec Admin) that go
with these restricted roles.
David Gillett, CISSP
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Faheem SIDDIQUI
Sent: Sunday, November 12, 2006 7:04 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Segregation of duties trivia
Hi All...
I am preparing a 'Segregation of Duties' Matrix within my IS
function. (Is there a better way to address the non-compliance
point of 'lack of segregation of duties within the
organisation' raised by external auditors?)
I found a very basic chart at the ISACA website:
http://www.isaca.org/Content/ContentGroups/Certification3/CRM_Segregation_of_Duties.pdf
According to this chart, some of the things in the Control
Matrix are obvious, but some aren't.
For example, the chart suggests that a DB Admin cannot be an
Application Programmer, nor can he be a Sys Admin or
Network Admin. Why?
Or that a security administrator can be Help Desk support
personnel but cannot be a Systems Analyst or a
Systems/Application Programmer.
I was wondering: what's the potential control weakness in
these two points?
What's the best way of documenting this 'Segregation of
Duties' procedure for satisfying External Auditors?
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------