A violation of segregation of duties is when the same person performs two or more conflicting tasks that could compromise the security or integrity of a system or process. In the context of IT risk management, segregation of duties aims to prevent fraud, errors, sabotage, theft, misuse of information, and other security breaches. One of the common categories of functions to be separated is the authorization function, which involves evaluating and approving transactions or changes. Another category is the custody function, which involves managing or accessing physical or digital assets. A programmer who writes and promotes code into production is performing both the authorization and the custody functions, which creates a high-risk conflict.The programmer could introduce malicious or erroneous code into the system without proper review or approval, and potentially cause harm to the organization or its stakeholders. Therefore, this scenario is a violation of segregation of duties. References =
Segregation of Duties: Examples of Roles, Duties & Violations
Separation of duties - Wikipedia
Segregation of duties: prevent fraud and error - eftsure
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit