Explain how defining positions in an organization can safeguard ...

[amal]

Explain how defining positions in an organization can safeguard against security threats.
 
  What will be an ideal response?

Question 2

A help-desk information system has answers to questions that only a true user of an accountor system would know.
 
  Indicate whether the statement is true or false

[swimkari]

Answer to Question 1

Effective human safeguards begin with definitions of job tasks and responsibilities. In
general, job descriptions should provide a separation of duties and authorities. For example, no
single individual should be allowed to both approve expenses and write checks. Instead, one
person should approve expenses, another pay them, and a third should account for the payment.
Similarly, in an inventory, no single person should be allowed to authorize an inventory
withdrawal and also to remove the items from the inventory. Given appropriate job descriptions,
user accounts should be defined to give users the least possible privilege needed to perform their
jobs. Similarly, user accounts should prohibit users from accessing data their job description
does not require. Because of the problem of semantic security, access to even seemingly
innocuous data may need to be limited. Finally, security sensitivity should be documented for
each position. Some jobs involve highly sensitive data. Other positions involve no sensitive data.
Documenting position sensitivity enables security personnel to prioritize their activities in
accordance with the possible risk and loss.

Answer to Question 2

TRUE