From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep
Segregation of duties (SoD)
- [Instructor] The principle of segregation of duties protects organizations against the malicious actions of a single rogue employee. Organizations implement segregation of duties and two-person control to reduce the risk that a single individual can perform a harmful action. The segregation of duties principle says that no single person should possess two permissions that, in combination, allow them to perform a sensitive operation. Instead, those permissions should be separated and held by two different groups of people. Account reviews and audits should inspect permissions to ensure that segregation of duties is properly enforced. Let's look at a couple of examples of segregation of duties. One of the most common requirements for segregation of duties comes in the world of accounting. Organizations normally separate the duties of creating new vendors in their accounting systems and authorizing payments to those vendors. This separation prevents a single employee in the accounting…
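An added example, not part of the course material: a minimal account-review check for the rule described above, flagging any user whose combined roles grant both permissions of a conflicting pair (here, vendor creation and payment authorization). The role, user and permission names are hypothetical and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data; every role, user and permission name is hypothetical.
ROLE_PERMISSIONS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_manager": {"payment.authorize", "invoice.approve"},
    "auditor": {"ledger.read"},
}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_manager", "auditor"},
    "carol": {"ap_clerk", "ap_manager"},  # conflict arises across two roles
}
# Each rule names two permissions that no single person may hold together.
SOD_RULES = [("vendor.create", "payment.authorize")]


def effective_permissions(roles, role_permissions):
    """Map each permission a user holds to the roles that grant it."""
    granted = defaultdict(set)
    for role in roles:
        for perm in role_permissions.get(role, ()):
            granted[perm].add(role)
    return granted


def find_sod_violations(user_roles, role_permissions, rules):
    """Return one finding per (user, rule) where both permissions are held."""
    findings = []
    for user in sorted(user_roles):
        granted = effective_permissions(user_roles[user], role_permissions)
        for perm_a, perm_b in rules:
            if perm_a in granted and perm_b in granted:
                findings.append({
                    "user": user,
                    "rule": (perm_a, perm_b),
                    # Record which roles supply each half, so a reviewer
                    # knows which assignment to remove.
                    "via": {perm_a: sorted(granted[perm_a]),
                            perm_b: sorted(granted[perm_b])},
                })
    return findings


if __name__ == "__main__":
    for f in find_sod_violations(USER_ROLES, ROLE_PERMISSIONS, SOD_RULES):
        print(f"{f['user']}: holds {f['rule'][0]} + {f['rule'][1]} via {f['via']}")
```

Checking effective permissions per user, not per role, is what catches the case where no single role is conflicting but one person's role combination is.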
Contents
- The goals of information security (2m 8s)
- Confidentiality (2m 8s)
- Integrity (3m 6s)
- Availability (1m 46s)
- Accountability (2m 24s)
- Need to know and least privilege (2m 33s)
- Segregation of duties (SoD) (3m 17s)
- Privacy compliance (4m 6s)
- Employee privacy (1m 54s)
- Ethics (1m 34s)