Question:
I. Describe the term separation of duties and why it is important in reducing the risk an organization takes on by limiting the chance that an employee will violate information security and break the confidentiality, integrity, or availability of information.
II. Compare and contrast separation of duties with two-person control and how they are similar but uniquely different in their approaches.
III. Evaluate the use of job/task rotations and the application of mandatory vacations as additional measures to protect an organization’s information security systems and data.
IV. Recognize the concept of garden leave and why it is important to have the time break in place after someone departs the company and when they join a new organization that is potentially in a similar industry or field.
V. Establish the principles of need to know or least privilege and why they are important to have in place in an organization. Here, employees only have access to information that they need relative to their position. Stress to students that the purpose of information security is to allow people who need to use system information to do so without being concerned about its confidentiality, integrity, and availability.
Step by Step Answer:
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord