The principle of separation of duties protects organizations against the malicious actions of a single rogue employee. In this video, learn how organizations implement separation of duties and two-person control to reduce the risk that a single individual can perform a harmful action.
- [Narrator] The principle of separation of duties protects organizations against the malicious actions of a single rogue employee. Organizations implement separation of duties and two-person control to reduce the risk that a single individual can perform a harmful action. The separation of duties principle says that no single person should possess two permissions that, in combination, allow them to perform a sensitive operation. Instead, those permissions should be separated and held by two different groups of people.
Account reviews and audits should inspect permissions to ensure that separation of duties is properly enforced. Let's look at a couple of examples of separation of responsibilities. One of the most common requirements for separation of duties comes in the world of accounting. Organizations normally separate the duties of creating new vendors in their accounting system and authorizing payments to vendors. This separation prevents a single employee in the accounting department from creating a fake vendor and then issuing payments to that vendor…
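An added example, not part of the course or its transcript: one way an account review could check the separation of duties described above, by flagging every user whose combined role memberships hold both halves of a conflicting permission pair. The role names, permission names and users are constructed for illustration.

```python
# Constructed sample data: every role, permission and user name here is hypothetical.
CONFLICTS = [("vendor.create", "payment.authorize")]  # pairs no one person may hold

ROLE_PERMS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_approver": {"payment.authorize"},
    "ap_admin": {"vendor.create", "payment.authorize"},
    "auditor": {"ledger.read"},
}

USER_ROLES = {
    "alice": ["ap_clerk"],
    "bob": ["ap_approver"],
    "carol": ["ap_clerk", "ap_approver"],  # conflict appears only once roles are combined
    "dave": ["ap_admin"],                  # conflict inside a single over-broad role
    "erin": ["auditor", "retired_role"],   # role with no definition on record
}

def effective_permissions(user, user_roles, role_perms):
    """Map each permission the user holds to the set of roles that grant it."""
    perms = {}
    for role in user_roles.get(user, []):
        for perm in role_perms.get(role, ()):
            perms.setdefault(perm, set()).add(role)
    return perms

def find_sod_violations(user_roles, role_perms, conflicts):
    """Return one finding per user and conflicting pair, with the granting roles."""
    findings = []
    for user in sorted(user_roles):
        perms = effective_permissions(user, user_roles, role_perms)
        for a, b in conflicts:
            if a in perms and b in perms:
                findings.append({"user": user, "conflict": (a, b),
                                 "via": {a: sorted(perms[a]), b: sorted(perms[b])}})
    return findings

def unknown_roles(user_roles, role_perms):
    """Assignments to undefined roles cannot be reviewed, so report them too."""
    return sorted((u, r) for u, roles in user_roles.items()
                  for r in roles if r not in role_perms)

if __name__ == "__main__":
    for f in find_sod_violations(USER_ROLES, ROLE_PERMS, CONFLICTS):
        print(f["user"], "holds", f["conflict"], "via", f["via"])
    for user, role in unknown_roles(USER_ROLES, ROLE_PERMS):
        print(user, "is assigned undefined role", role)
```

Reporting the granting roles shows whether the fix is to remove one membership (carol) or to split an over-broad role (dave).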
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A complete learning path will be available once all the courses are released.
- Conducting investigations
- Reporting and documenting incidents
- Continuous security monitoring
- Preventing data loss and theft
- Asset management
- Change management
- Virtualization security
- Security principles: need to know, separation of duties, and more
- Building an incident response program
- Personnel safety and emergency management
Skill Level Intermediate
1. Investigations and Forensics
2. Logging and Monitoring
   - Data loss prevention (6m 34s)
3. Resource Security
4. Security Principles
5. Incident Management
6. Personnel Safety