Assignment:
Part 1: Research Separation of Duties Policies
Note: In this part of the lab, you will review scholarly research on separation of duties policies in order to form a basis for their purpose and usage. Understanding the reason behind a SoD policy is key to understanding the component policies and procedures. Please take time to review the research thoroughly and think through the concepts of the policy itself.
1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing separation of duties policies.
Lu, J., Li, R., Lu, Z., &Jin, Y. (2009, December 31). Dynamic Enforcement of Separation-of-Duty Policies. Paper presented at the International Conference on Multimedia Information Networking and Security.
Note: If you are unable to locate or access this research, find a similar scholarly, peer-reviewed article and provide a citation in your response.
2. Write a brief summary of the article. In your summary, focus on the need for a Separation of Duties policy and its key elements.
Part 2: Create a Separation of Duties Policy
Note: In Part 1 of this lab, you learned about the motivating factors that inform a separation of duties policy. In this part of the lab, you will create your own separation of duties policy for a given scenario. As you prepare your policy, remember that no one individual or team should have too much authority or power to perform a function in a business or organization and that understanding where responsibilities begin and end is critical to effective separation of duties. However, just because one individual or team has decidedly too much authority or power does not necessarily mean that management should apply separation of duties to mitigate the risk given that truly separated duties often means additional labor and/or costs. Instead, management might decide to accept the risk or address the risk by other means.
1. Review the following scenario for the fictional Bankwise Credit Union:
o The organization is a local credit union that has multiple branches and locations throughout the region.
o Online banking and use of the internet are the bank's strengths, given its limited human resources.
o The customer service department is the organization's most critical business function.
o The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
o The organization wants to monitor and control use of the Internet by implementing content filtering.
o The organization wants to eliminate personal use of organization-owned IT assets and systems.
o The organization wants to monitor and control use of the e-mail system by implementing e-mail securitycontrols.
o The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
o The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.
2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.