(22) Give examples of Segregation of Duties Controls?
Answer: The following are some examples of segregation of duties:
(1) Transaction Authorization:
- The maker-checker concept requires two (or more) persons to approve certain transactions.
- In IT applications, transactions meeting certain criteria (exceeding normally accepted limits or conditions) may require a manager’s approval to be able to proceed.
(2) Split custody of high-value assets:
- High-value assets can be protected using various means of split custody.
- Banks do this for central vaults, where a vault combination is split into two or more pieces so that two or more are required to open it.
- Similarly, for critical applications, two or more passwords (held by different individuals) may be required for access.
(3) Workflow:
- In workflow type systems, extra management approval is required for administrative privileges.
(4) Periodic reviews:
- Periodic review is required to identify whether any segregation of duties issues exist.
- The access privileges for each worker can be compared against a segregation of duties control matrix.