Proper Separation of Duties in Security Administration

Proper Separation of Duties

Prev Question Next Question

Question

Which of the following exemplifies proper separation of duties?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A.

This is an example of Separation of Duties because operators are prevented from modifying the system time which could lead to fraud.

Tasks of this nature should be performed by they system administrators.

AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.

The following answers are incorrect: Programmers are permitted to use the system console.

Is incorrect because programmers should not be permitted to use the system console, this task should be performed by operators.

Allowing programmers access to the system console could allow fraud to occur so this is not an example of Separation of Duties.

Console operators are permitted to mount tapes and disks.

Is incorrect because operators should be able to mount tapes and disks so this is not an example of Separation of Duties.

Tape operators are permitted to use the system console.

Is incorrect because operators should be able to use the system console so this is not an example of Separation of Duties.

References: OIG CBK Access Control (page 98 - 101) AIOv3 Access Control (page 182)

Proper separation of duties is an important principle of information security that aims to reduce the risk of fraud, errors, and unauthorized access by ensuring that no single individual has complete control over a critical function or system. The basic idea is to divide responsibilities among different individuals or groups, so that no one person can carry out a fraudulent or unauthorized activity without collusion with others.

Out of the four options provided, the only one that exemplifies proper separation of duties is A. Operators are not permitted modify the system time.

Explanation of the options: A. Operators are not permitted modify the system time. This option exemplifies proper separation of duties because it restricts a critical function (modifying system time) to a specific group of individuals, namely those who have the necessary authorization and expertise. By preventing operators from modifying the system time, the organization reduces the risk of accidental or intentional disruptions to the system, such as time-based attacks.

B. Programmers are permitted to use the system console. This option does not exemplify proper separation of duties because it allows individuals who have programming responsibilities to also have access to a critical function (the system console). This could potentially lead to abuse of privileges, such as unauthorized changes to the system configuration or data manipulation.

C. Console operators are permitted to mount tapes and disks. This option does not exemplify proper separation of duties because it allows individuals who have console operations responsibilities to also have access to a critical function (mounting tapes and disks). This could potentially lead to unauthorized access to sensitive data or unauthorized changes to the system configuration.

D. Tape operators are permitted to use the system console. This option does not exemplify proper separation of duties because it allows individuals who have tape operations responsibilities to also have access to a critical function (the system console). This could potentially lead to unauthorized changes to the system configuration or unauthorized access to sensitive data.

In summary, proper separation of duties involves dividing responsibilities among different individuals or groups to reduce the risk of fraud, errors, and unauthorized access. Option A exemplifies proper separation of duties because it restricts a critical function (modifying system time) to a specific group of individuals.