Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Networking >> Networking Security
  2. Suggest New Category

A System programmer have access to computer room, it is
possible that he may undertake some unauthorised activities
at any time, due to his deep knowledge how can a control
build to avoid the risk?

Question Posted / nimesh maru

Answer Posted / nimesh maru

This is answered with the CISSP perspective.
implement 1] Seperation of Duties : This will make sure that
one individual cannot complete a critical task by himself.
so we would have 2 ,3 or 4 people doing the 1 task.
Now if they want to do something malicious or unathorized
they all would have to come together to perform the task,
which detters the person from doing it. This act of all
people coming together to complete the task is also called
Collusion.

Further Seperation of duties shall be broken down in to
Split Know ledge and Dual Control.
Split Knowledge : No one person has complete knowledge of
performing one task or required information.
Dual control : here 2 or more individuals must be present
and active in participation to complete the task.

2]Job rotation : No One person should stay in one position
for long period of time as they would then have good
knowledge and would know inside out of entire process and
would be able to bypass or circumvent controls put in place
for the santity of the process and compliance.

Is This Answer Correct ?    1 Yes 2 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

What are the types of LAN cables used? What is a cross cable?

934

What is Cross Site Request Forgery and how to defend against it?

974

What is a Password?

953

What is the difference between cybersecurity and information security?

1065

What is the sense of a fingerprint?

1005

How to implement PIX firewall security?

945

Why do we use virtual private network?

980

What do you do when you get blue screen in a computer? How do you troubleshoot it?

990

In context of public key encryption, if you are using both signature and encryption features, what key will you use for encryption and which one will you use for signing?

924

What are all the technical steps involved when the data transmission from server via router?

988

Explain the difference between broadcast domain and collision domain?

1007

What is terminal emulation, in which layer it comes

978

What is an arp?

1052

How does network security work?

921

What are Digrams and Trigrams

1084