Enforcing segregation of duties
Segregation of duties has emerged as a problem growing completely out of proportion, mainly due to poorly designed access control techniques. A switch from the Role Based Access Control (RBAC) concept to modern Attribute Based Access Control (ABAC) schemes considerably simplifies SoD resolution. This White Paper explains why.
In recent years many IT organizations have struggled to identify potential Segregation of Duties (SoD) violations within their IT systems.
A violation of this kind occurs if a user is given permissions which, combined, can be used to subvert a business-critical process or in other ways cause harm in breach of corporate policies. A common example is the combination of permissions to manipulate vendor master data and permissions to approve invoice payments to a vendor. This combination creates risk exposure, since a user could fraudulently register a vendor and then approve fake invoices for his own benefit. The findings of an SoD analysis often lead to costly remediation efforts, since conflict resolution may require altering role definitions and related business processes. Alternatively, auditors may agree to accept mitigating controls, meaning the risk is accepted but managed through manual controls at regular intervals to verify that permissions in breach of corporate policies are not abused.
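The static SoD check described above, as an added example that is not part of the white paper: it computes each user's effective permissions from a role-based model, tests them against a small rule set (the vendor-master/invoice-approval pair from the text plus an invoice create/approve pair), and reports which roles jointly cause each conflict, since that is what remediation of role definitions needs. All role, permission and user names are constructed.

```python
# Constructed sample data (not from the paper): role -> permissions, user -> roles.
ROLE_PERMS = {
    "ap_clerk":     {"invoice.create", "invoice.view"},
    "ap_manager":   {"invoice.view", "invoice.approve"},
    "vendor_admin": {"vendor.create", "vendor.edit"},
    "reporting":    {"invoice.view", "vendor.view"},
}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob":   {"ap_manager", "vendor_admin"},   # the vendor/payment conflict from the text
    "carol": {"vendor_admin", "reporting"},
}
# Each rule: two permission sets that must never be held together, and the risk.
SOD_RULES = [
    ({"vendor.create", "vendor.edit"}, {"invoice.approve"},
     "register or alter a vendor and approve payments to it"),
    ({"invoice.create"}, {"invoice.approve"},
     "raise an invoice and approve it"),
]

def effective_permissions(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def sod_violations(user):
    """Return each breached rule as (roles granting side A, roles granting side B, risk)."""
    # Reporting the contributing roles, not only the permissions, tells the
    # remediation team which role definition to split or which assignment to revoke.
    roles = USER_ROLES.get(user, set())
    hits = []
    for side_a, side_b, risk in SOD_RULES:
        roles_a = {r for r in roles if ROLE_PERMS[r] & side_a}
        roles_b = {r for r in roles if ROLE_PERMS[r] & side_b}
        if roles_a and roles_b:
            hits.append((frozenset(roles_a), frozenset(roles_b), risk))
    return hits

def audit_all_users():
    """Map every user with at least one violation to their list of violations."""
    return {u: v for u in USER_ROLES if (v := sod_violations(u))}

if __name__ == "__main__":
    for user, hits in audit_all_users().items():
        for roles_a, roles_b, risk in hits:
            print(f"{user}: {sorted(roles_a)} + {sorted(roles_b)} -> could {risk}")
```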