Question
Can you please help me in responding to the discussion topic:
Describe the administrative management practices of separation of duties, job rotation, and mandatory vacations and their role in operations security.
The concepts surrounding separation of duties, job rotations, and mandatory vacations are integral to combating insider threats within an organization. They are intended to disrupt, dissuade, and deny attacks from occurring from employees. They improve oversight and security and are necessary to protect your information from those with the access to your critical information.
Separation of duties has multiple people work on a task or within a service. Much like the government, it introduces a "checks and balances" scheme, where the prying eyes of colleagues working with you would either catch or dissuade someone from wanting to act maliciously. It prevents the old idiom of judge, jury, and executioner. In the financial world, such as accounting, separation of duties is commonly used to prevent someone from cooking the books by inserting more parties that they would have to collude with (Coleman, 2008).
Job rotations are also used within well-secured companies. They prevent safe ways for a threat actor or otherwise malicious employee to access restrictive information through their work. When their job is rotated, someone takes over their duties and can discover that security breaches took place, or simply that the employee will not be able to access the information he previously had with that job. While it can be a useful security management strategy, it is difficult to implement in smaller companies (Purcell, n.d.) and many businesses don't bother with it (McGillicuddy, 2007).
Mandatory vacations play a similar role to job rotations. They interrupt any possible malicious activities done by an employee by temporarily removing them from the environment they could be accessing data from. Their job is then covered temporarily by another employee, who may discover any problems or security issues the vacationing employee may not be able to hide. Financial companies often do this to prevent embezzlement as "an employee would need to be constantly present to manipulate records and respond to different inquiries" (Darril, n.d.).