A system programmer has access to the computer room. It is
possible that he may undertake some unauthorised activities
at any time, due to his deep knowledge. How can a control
be built to avoid the risk?

Answer Posted / nimesh maru

This is answered from the CISSP perspective.
Implement:
1] Separation of Duties: This will make sure that
one individual cannot complete a critical task by himself,
so we would have 2, 3 or 4 people doing the 1 task.
Now if they want to do something malicious or unauthorized,
they would all have to come together to perform the task,
which deters the person from doing it. This act of all
people coming together to complete the task is also called
collusion.

Further, Separation of Duties shall be broken down into
Split Knowledge and Dual Control.
Split Knowledge: No one person has complete knowledge of
performing one task or of the required information.
Dual Control: Here 2 or more individuals must be present
and actively participating to complete the task.

2] Job Rotation: No one person should stay in one position
for a long period of time, as they would then have good
knowledge, would know the entire process inside out, and
would be able to bypass or circumvent controls put in place
for the sanctity of the process and compliance.

Is This Answer Correct ?    1 Yes 2 No
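
A small sketch of the split knowledge and dual control ideas from the answer above, applied to a secret key. This is an added example, not part of the original answer; `split_key`, `enroll`, `DualControlVault` and the custodian names are hypothetical, and the custodians are assumed to have been authenticated already.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def _digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split knowledge: two XOR shares; either one alone is random noise."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(x ^ y for x, y in zip(key, share_a))
    return share_a, share_b

class DualControlVault:
    """Rebuilds the key only when both enrolled custodians present their shares."""

    def __init__(self, share_digests: dict[str, bytes]):
        if len(share_digests) != 2:
            raise ValueError("dual control needs two different custodians")
        self._share_digests = share_digests  # digests only, never shares or key
        self.audit_log: list[tuple[list[str], str]] = []

    def release(self, presented: dict[str, bytes]) -> bytes:
        # Both enrolled custodians must take part, each with a valid share.
        ok = set(presented) == set(self._share_digests) and all(
            hmac.compare_digest(_digest(share), self._share_digests[name])
            for name, share in presented.items()
        )
        # Every attempt is logged, so a lone attempt leaves a trace.
        self.audit_log.append((sorted(presented), "released" if ok else "denied"))
        if not ok:
            raise PermissionError("both custodians must present valid shares")
        share_a, share_b = presented.values()
        return bytes(x ^ y for x, y in zip(share_a, share_b))

def enroll(key: bytes, custodian_a: str, custodian_b: str):
    """Split the key, hand one share to each custodian, keep only digests."""
    share_a, share_b = split_key(key)
    shares = {custodian_a: share_a, custodian_b: share_b}
    return DualControlVault({n: _digest(s) for n, s in shares.items()}), shares
```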