Auditing IT Infrastructures for Compliance, 3rd Edition
by Robert Johnson, Marty Weiss, Michael G. Solomon
Separation of Duties
A common theme in compliance requirements is to reduce the ability of any one element to compromise data security. In the User Domain, this means that no single person should have the ability to bypass security controls that protect data. Each computer user’s role should limit the scope of permitted actions.
Most computer systems restrict access to deny unauthorized users. The first step in gaining access to data is to identify yourself to the information system and authenticate your identity. This process commonly involves providing a user ID and a password. Once you are identified and authenticated, the operating system grants authority in the form of permissions and rights. These permissions and rights are defined by ...