Separation of Duties is a term defined as “a security principle that says no one person should be able to effect a breach of security” (Definition of: separation of duties, 2008). This means that one person should not, on the whole, be responsible for both the design and implementation of security within an organization. The goal is to avoid a single point of failure where one person can take advantage of a process inside a company and benefit from ill-gotten gains.
This principle is readily practiced in the area of finance and is becoming more popular within the Information Technology field. For example, within the area of finance, the Department of General Services of California has a section within its State Administrative Manual that quotes the requirements of the Financial Integrity and State Manager’s Accountability Act of 1983, which “…requires that the head of each State agency establish and maintain an adequate system of internal control within their agencies. A key element in a system of internal control is separation of duties” (Department of General Services of California, 2008). The manual then goes on to list explicitly how entities are designated, the actions they may take, the number of actions each entity may take, and the level of authorization for each duty.
In general, information technology takes the same approach, following the same principle that certain key duties should be performed by different individuals. Such duties may be the physical custody of or access to certain assets; authorization or approval of transactions affecting those assets; recording transactions for those assets; and control or review responsibility for those assets (The University of British Columbia, 2006). Having these and other duties performed by separate individuals establishes a system of checks and balances. It also reduces the chance of errors and/or fraud going undetected. John Emerich Edward Dalberg Acton’s adage, “Power tends to corrupt, and absolute power corrupts absolutely,” is the core principle: making sure that no one person has total control of an asset.
According to the SANS Technology Institute, “Intellectual property is the lifeblood of an organization and process should be designed to protect it” (SANS Technology Institute, 2008), and Riordan would be well advised to take this into account as well. SANS goes on to outline several suggestions, such as:
How to Cite this Page
"Separation Of Duties." 123HelpMe.com. 24 Sep 2018
• Not all administrators or super users should have access to creating backups since this allows access to intellectual property.
• Outsourced maintenance personnel should be restricted to the systems they are working on.
• Network and Security administrators have the ability to see anything that is sent across the network.
• Database administrators should only have the appropriate authority, not root or administrator.
• Generic administrative accounts should be disabled and an alert should be issued if they are used.
• Logging for systems, network equipment, databases, etc., should be directed to a write-only logging system.
These policies not only create a separation of duties, but also assign functions and security based on role-based access control.
With role-based access control, users are granted access according to their job function within the organization. They are granted enough security permissions to perform their job duties and accomplish their responsibilities; however, they are granted no permissions beyond those they need. This allows users to be categorized by their role and access membership to be assigned to groups of individuals based on that role. The operations users are able to perform are limited, thereby securing the organization. As duties evolve or change for an individual or group throughout the evolution of the organization, new roles and groups are created and assigned the appropriate permissions. (National Institute of Te
For example, it was stated previously that a Database Administrator should be granted enough permissions to perform their job, but not administrative privileges. While it would be easier to grant administrative permissions to a Database Administrator, doing so gives the Database Administrator permissions that are outside their role, allowing them potential access to information and privileges that would also potentially compromise security (National Institute of Standards and Technology, 1995).
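The check below is an added example, not part of the original essay: it evaluates a role-based assignment against the four key duties listed earlier and reports any user who holds more than one of them on the same asset. The role, user, and asset names are constructed, and the "at most one key duty per asset" policy and the `("*", "*")` wildcard standing in for root/administrator are assumptions of the example.

```python
from collections import defaultdict

# The four key duties the essay says should be held by different individuals.
KEY_DUTIES = frozenset({"custody", "authorize", "record", "review"})

# Constructed role catalogue: role -> set of (asset, duty) permissions.
ROLE_PERMS = {
    "dba": {("orders_db", "custody")},
    "finance_approver": {("orders_db", "authorize")},
    "bookkeeper": {("orders_db", "record")},
    "auditor": {("orders_db", "review"), ("audit_log", "review")},
    "sysadmin": {("*", "*")},  # assumed: root/administrator, every duty on every asset
}

# Constructed assignments: user -> roles.
USER_ROLES = {
    "alice": {"dba"},
    "bob": {"finance_approver", "bookkeeper"},
    "carol": {"dba", "sysadmin"},  # the DBA-with-admin case from the text
    "dave": {"auditor"},
}


def effective_duties(roles, role_perms, assets):
    """Expand a user's roles into {asset: set of key duties held}."""
    held = defaultdict(set)
    for role in roles:
        # An unknown role raises KeyError instead of being silently ignored.
        for asset, duty in role_perms[role]:
            targets = assets if asset == "*" else [asset]
            for target in targets:
                held[target] |= KEY_DUTIES if duty == "*" else {duty}
    return held


def sod_violations(user_roles, role_perms):
    """Return (user, asset, duties) for each user holding 2+ key duties on one asset."""
    assets = sorted({a for perms in role_perms.values() for a, _ in perms if a != "*"})
    findings = []
    for user in sorted(user_roles):
        held = effective_duties(user_roles[user], role_perms, assets)
        for asset in sorted(held):
            if len(held[asset]) > 1:
                findings.append((user, asset, sorted(held[asset])))
    return findings


if __name__ == "__main__":
    for user, asset, duties in sod_violations(USER_ROLES, ROLE_PERMS):
        print(f"{user}: {asset} -> {', '.join(duties)}")
```

Running the same check whenever a role or assignment changes catches the convenience grant of administrator rights before it reaches production.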
Riordan would gain great advantage by instituting Separation of Duties through role-based access. It is a proven model that has been implemented in finance by small businesses, enterprises, and national agencies. It promotes a system of checks and balances that ensures increased detection at security’s weakest point: people. Riordan would be well served by investigating what other companies have done to successfully implement similar security policies and adapting them to its own needs.
Definition of: separation of duties. (2008). In PCmag.com Encyclopedia [Web]. New York: The Computer Language Company Inc. Retrieved October 6, 2008, from http://www.pcmag.com/encyclopedia_term/0,2542,t=separation+of+duties&i=51110,00.asp
Department of General Services of California. (2008). State Administrative Manual. Retrieved August 6, 2008, from http://sam.dgs.ca.gov/TOC/8000/8080.htm
National Institute of Standards and Technology. (1995). An introduction to role-based access control. Retrieved October 6, 2008, from http://csrc.nist.gov/groups/SNS/rbac/documents/design_implementation/Intro_role_based_access.htm
SANS Technology Institute. (2008). Separation of Duties in Information Technology. Retrieved August 6, 2008, from http://www.sans.edu/resources/securitylab/it_separation_duties.php
The University of British Columbia. (2006, August 30). Separation of duties – The most important internal control. Retrieved October 6, 2008, from http://www.csoonline.com/article/446017/Separation_of_Duties_and_IT_Security