Segregation of duty
A lack of segregation of duties is a significant contributing factor in almost
all occurrences of fraud and is often found to be a weakness during
post-analysis of system compromises. Segregation of duties means the steps in
key processes are divided among two or more people so no one individual
can act alone to subvert a process for his or her own gain or purposes. The
segregation of duties is an area that comes under close scrutiny during
compliance reviews. Reviews of employees' work can catch improper activities, but
they'll never be as effective at preventing fraud and other malicious activities as
well-documented, implemented and enforced duty segregation for in-house
and contracted personnel. Where possible, implement assignment rotations
for personnel and ensure employees are forced to take at least one two-week
holiday a year. A mandatory vacation policy is a must, as system abuse can
come to light if a cover worker notices irregularities in the vacationing
person's work. These types of practices will assist in identifying long-standing
undesirable activities.
B. Physical security
Physical security is often overlooked and its importance underestimated
in favor of more technical threats such as hacking and malware. However,
breaches of physical security can be carried out with brute force and little or
no technical knowledge on the part of an attacker. Physical security has three
important components: access control, surveillance and testing.
First, obstacles should be placed in the way of potential attackers and physical
sites should be hardened against accidents, attacks or environmental disasters.
Such hardening measures include fencing, locks, access control cards and
biometric access control systems. Second, physical locations should be
monitored using surveillance cameras and notification systems. Third,
disaster recovery policies and procedures should be tested on a regular basis
to ensure safety and to reduce the time it takes to recover from disruptive
man-made or natural disasters.
means that the approver has reviewed the supporting