From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,700 courses taught by industry experts.

Separation of duties

Separation of duties

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Separation of duties

- [Instructor] As organizations grow in size, they often grow in complexity as well. This complexity is particularly evident when it comes to the applications your users rely on and their access within those apps. As it becomes more difficult to determine who has access to what, it becomes that much harder to determine whether your users have access that they shouldn't. That access comes with risks that could be mitigated before anything bad happens. You can get ahead of those risks though if you understand segregation of duties. When you implement segregation of duties controls, you split up sensitive functions so that no one person can do too much. Segregation of duties or SOD controls offer you a simple but effective way to prevent users from committing fraud. It's generally accepted that people need three things to commit fraud. They need a motive, like the need to pay their bills. They need a mindset that lets them justify their actions and they need the opportunity, which often…

Contents