Riordan's Manufacturing Separation of Duties Using Role Assignment
Essay by Kill009 • July 19, 2011 • Case Study • 720 Words (3 Pages) • 3,075 Views
Essay Preview: Riordan's Manufacturing Separation of Duties Using Role Assignment
Abstract
Smith's Consulting has been assigned the task of proving to Riordan's Manufacturing why they should establish separation of duties via role assignment and how this will provide safeguards to protecting the data in their information systems (Apollo Group 2010). Before Smith's consulting got started Smith's Consulting first had a sit down with the CIO of Riordan Manufacturing and examine the company as a whole, also explain what exactly does the Separation of Duties Using Role Assignment really means and the use of Separation of Duties Using Role Assignment.
The Definition of separation of duties is: "A security principle that says no one person should be able to affect a breach of security. For example, the person who writes a check should not be the one to sign it. Separation of duties requires that people who make changes in production source code hand off their changes to someone else for installation control. Separation of duties forces rogue employees into attempting collusion and thus risking discovery by honest coworkers". (Your dictionary.com, 1981-2010)
The benefits of the use of Separation of Duties Using Role Assignment are:
* Security and vulnerability of company records
* Stop the abuse of privileges
* Network/data information Hacking
* Reduces Riordan's Manufacturing from fraud
* Reduces Riordan's Manufacturing from personal conflict of interest
* Role Base Control Access does not rely on a single person
* Giving power / influence to many not just one individual
* Protect an information system from "attacks against the confidentiality, integrity, and availability of computer systems, networks and the data they use" (Coleman, 2008)
* Master file and other sensitive transaction changes should be controlled by multiple individuals
One of the concerns of Riordan Manufacturing is conflicting access to the company's business operations. Smith's Consulting main areas of concern are finance and accounting and Riordans Manufacturing network for all locations. To ensure that no one person acting alone can breach the security of Riordans Manufacturing, Smith Consulting has to ensure that the employee responsible for building and enforcing security cannot be the same person that is responsible for testing security, performing security audits as well as maintaining and reporting on security. "The reporting relationship of the individual responsible for information security should not be to the Chief Information Officer as is traditionally the case" (Coleman, 2008).
The responsibilities behind the separation of duties are the main concern for Riordan's manufacturing. Smith Consulting must display a clear and concise
...
...