discussion


Hi Everyone,

I am sharing my response on Separation of duties.

1. Why should duties be segregated?

Segregation of duties (SOD) aids in managing conflict of interest and fraud within the organization.

•  SOD ensures that the power held by one individual is restricted.

•  SOD helps in maintaining a record of who controls and grants access to information, which helps in risk management for the organization.

•  SOD helps in streamlining the tasks between different departments and makes it easy to catch errors and, most importantly, intellectual property conflicts.

•  Streamlining the tasks also ensures that they are efficient and cost-efficient as well.

2. How can management determine if duties are properly segregated?

It easy to implement proper duty segregation; their customizable workflows often make it easier for users to falsify accounting records, make illegal payments, and access and steal sensitive data. Segregation of duties may be easier to achieve in larger organizations with bigger budgets and more comprehensive staffing; for smaller companies with limited personnel and resources, it can present a challenge.

3. What if management has inadequate staff to properly segregate all duties?

Smaller units may not be able to obtain the ideal system of four employees each performing one of the four different duties. In these instances, mitigating controls can be used to decrease risk.

4. Find and share an example (news article online) where the separation of duties would have prevented an insider threat from exploiting a system.  Describe how you would have prevented this incident.

 

Insider threat has become a significant issue. There have been considerably more reported insider threat incidents over the past few years. According to the 2009 e-Crime Watch Survey in which 523 organizations were involved, 51% of the organizations experienced an insider attack, which increased from 39% three years ago.3 Since these were only reported incidents of attacks, it is likely more than 51% of organizations experience such attacks. From the recent Cyber-Ark Global Survey conducted in the spring of 2011 with 1,422 IT staff and C-level professionals, 16% of the surveyed individuals believe that insiders have stolen highly sensitive and valuable intellectual property, such as customer lists and product information, which have been transferred or sold to the organizations’ competitors.

 

Thanks,