The IT Law Wiki

Separation of Duties


Definition

Separation of Duties (SoD) is

the concept that actions affecting sensitive assets should require the collaboration of multiple independent roles to succeed. Independence is essential to making implementation of SoD effective. If separation of duties is based on roles that can influence one another, the value of the practice is significantly diminished.[1]

Overview

"Separation of Duties can take many forms. A preventive process control might require that the initiation of a sensitive action by a member of one role receive the express approval of an individual from an independent approver role before that action is executed. A detective process control might alert a member of an independent review role upon the execution of a sensitive action by an individual in an initiator role, enabling that reviewer to investigate and address any potential misuse. A simplistic example of separation of duties in the context of IAM is that an individual should not be able to request and approve access to PII."[2]
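The preventive and detective controls described above, as an added example that is not part of the original page: a hypothetical role model in which two roles count as independent only if neither can influence the other, a preventive gate that refuses an action unless an independent approver signed off, and a detective review that re-checks a constructed log of executed actions and raises alerts for the review role. All user names, roles and log entries are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SoDPolicy:
    """Hypothetical SoD policy: each user's role plus which roles can influence which."""
    role_of: dict[str, str]            # user -> role (one role per user, for brevity)
    influences: dict[str, set[str]]    # role -> roles it can pressure
    alerts: list[str] = field(default_factory=list)

    def independent(self, role_a: str, role_b: str) -> bool:
        """Two roles are independent only if neither can influence the other."""
        return (role_a != role_b
                and role_b not in self.influences.get(role_a, set())
                and role_a not in self.influences.get(role_b, set()))

    def preventive_check(self, action: str, requester: str, approver: str) -> tuple[bool, str]:
        """Preventive control: the action may execute only with an independent approval."""
        if requester == approver:
            return False, f"{action}: {requester} may not approve their own request"
        r_role, a_role = self.role_of[requester], self.role_of[approver]
        if not self.independent(r_role, a_role):
            return False, f"{action}: roles {r_role} and {a_role} are not independent"
        return True, f"{action}: approved by {approver} ({a_role})"

    def detective_review(self, executed: list[tuple[str, str, str]]) -> list[str]:
        """Detective control: re-check already executed actions and alert the
        review role on any that ran without an independent approval."""
        for action, requester, approver in executed:
            ok, reason = self.preventive_check(action, requester, approver)
            if not ok:
                self.alerts.append(f"REVIEW NEEDED - {reason}")
        return self.alerts


# Constructed sample: managers can pressure analysts; auditors are independent of both.
POLICY = SoDPolicy(
    role_of={"alice": "analyst", "bob": "manager", "carol": "auditor", "dave": "analyst"},
    influences={"manager": {"analyst"}},
)

# Constructed log of executed sensitive actions: (action, requester, approver)
EXECUTED_LOG = [
    ("grant PII access", "alice", "alice"),  # requester approved their own request
    ("grant PII access", "alice", "dave"),   # approver holds the same role
    ("grant PII access", "bob", "alice"),    # approver's role is influenced by requester's
    ("grant PII access", "alice", "carol"),  # independent approver: no alert
]
```

Running `POLICY.detective_review(EXECUTED_LOG)` yields three alerts, one for each entry except the last; the same rule used as a preventive gate would have blocked those three before execution.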

References

  1. Report on Cybersecurity Practices, at 18.
  2. Id.
