Definition

Separation of Duties (SoD) is the concept that actions affecting sensitive assets should require the collaboration of multiple independent roles to succeed. Independence is essential to making implementation of SoD effective. If separation of duties is based on roles that can influence one another, the value of the practice is significantly diminished.[1]

Overview

"Separation of Duties can take many forms. A preventive process control might require that the initiation of a sensitive action by a member of one role receive the express approval of an individual from an independent approver role before that action is executed. A detective process control might alert a member of an independent review role upon the execution of a sensitive action by an individual in an initiator role, enabling that reviewer to investigate and address any potential misuse. A simplistic example of separation of duties in the context of IAM is that an individual should not be able to request and approve access to PII."[2]
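The two control types described above can be sketched in code. The following is an added example written for this page, not code from the cited report: a preventive control that refuses self-approval or approval by a role that is not independent of the requester's role (so an analyst cannot both request and approve access to PII), a gate that blocks execution of a sensitive action until an independent approval is recorded, and a detective control that scans an audit log for sensitive actions executed without such approval. The role names, the `INFLUENCES` map that models which roles can direct which, the sensitive-action list and the sample audit records are all constructed assumptions.

```python
"""Added example of Separation of Duties (SoD) controls.

Illustrative code written for this page, not taken from any referenced
report. The role model, the action list and the audit records below are
constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed role model: a role may only approve requests made by roles it does
# not influence. INFLUENCES maps a role to the roles it can direct.
INFLUENCES = {
    "manager": {"analyst"},   # a manager can direct an analyst
    "analyst": set(),
    "approver": set(),
    "reviewer": set(),
}

# Actions treated as sensitive (constructed list).
SENSITIVE_ACTIONS = {"grant_pii_access", "change_payment_account"}


def independent(role_a: str, role_b: str) -> bool:
    """Two roles are independent when they differ and neither influences the other."""
    return (role_a != role_b
            and role_b not in INFLUENCES.get(role_a, set())
            and role_a not in INFLUENCES.get(role_b, set()))


@dataclass
class Request:
    action: str
    requester: str
    requester_role: str
    approver: Optional[str] = None
    approver_role: Optional[str] = None
    executed: bool = False


class SoDViolation(Exception):
    pass


def check_approval(req: Request, approver: str, approver_role: str) -> Optional[str]:
    """Return the SoD violation for a proposed approval, or None if it is allowed."""
    if req.action not in SENSITIVE_ACTIONS:
        return None
    if approver == req.requester:
        return f"{approver} cannot approve their own {req.action}"
    if not independent(req.requester_role, approver_role):
        return f"role {approver_role!r} is not independent of {req.requester_role!r}"
    return None


def approve(req: Request, approver: str, approver_role: str) -> Request:
    """Preventive control: record the approval only if it passes the SoD check."""
    problem = check_approval(req, approver, approver_role)
    if problem:
        raise SoDViolation(problem)
    req.approver, req.approver_role = approver, approver_role
    return req


def execute(req: Request) -> Request:
    """Sensitive actions execute only once an independent approval is recorded."""
    if req.action in SENSITIVE_ACTIONS and req.approver is None:
        raise SoDViolation(f"{req.action} requires independent approval")
    req.executed = True
    return req


def review_audit_log(log: List[dict]) -> List[Tuple[int, str]]:
    """Detective control: flag executed sensitive actions that lack an
    approval, were self-approved, or were approved by a non-independent role."""
    findings = []
    for entry in log:
        if entry["action"] not in SENSITIVE_ACTIONS or not entry.get("executed"):
            continue
        reason = None
        if entry.get("approver") is None:
            reason = "no approval recorded"
        elif entry["approver"] == entry["requester"]:
            reason = "self-approved"
        elif not independent(entry["requester_role"], entry["approver_role"]):
            reason = "approver role not independent"
        if reason:
            findings.append((entry["id"], reason))
    return findings


# Constructed audit records for the detective check.
SAMPLE_LOG = [
    {"id": 1, "action": "grant_pii_access", "requester": "alice", "requester_role": "analyst",
     "approver": "bob", "approver_role": "approver", "executed": True},
    {"id": 2, "action": "grant_pii_access", "requester": "carol", "requester_role": "analyst",
     "approver": "carol", "approver_role": "analyst", "executed": True},
    {"id": 3, "action": "grant_pii_access", "requester": "dave", "requester_role": "analyst",
     "approver": "erin", "approver_role": "manager", "executed": True},
    {"id": 4, "action": "change_payment_account", "requester": "frank", "requester_role": "analyst",
     "approver": None, "approver_role": None, "executed": True},
    {"id": 5, "action": "read_public_doc", "requester": "gail", "requester_role": "analyst",
     "approver": None, "approver_role": None, "executed": True},
]

if __name__ == "__main__":
    for record_id, reason in review_audit_log(SAMPLE_LOG):
        print(f"record {record_id}: {reason}")
```

Record 3 is flagged even though a manager signed off, because in the assumed role model the manager can direct the analyst; that is the point made in the definition above about roles that can influence one another. In a real deployment the independence relation would come from the organisation's role hierarchy rather than a hard-coded map, and the detective findings would be routed to a reviewer role rather than printed.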

References

  1. Report on Cybersecurity Practices, at 18.
  2. Id.
