The IT Law Wiki

Separation of duties


Definitions

Separation of duties

[is] a control process to ensure that a single individual cannot negate the security safeguards of a system.[1]
refers to dividing roles and responsibilities so that a single individual cannot subvert a critical process. For example, in financial systems, no single individual should normally be given authority to issue checks. Rather, one person initiates a request for a payment and another authorizes that same payment.[2]

References

  1. NSTISSAM INFOSEC 1-99, at 17.
  2. NIST Special Publication 800-14, at 27.
