To ensure maximum security in an enterprise, its security policies should be comprehensive. They ought to take into consideration the enterprise's mission, the assets that are critical to the enterprise and therefore require protection, the threats facing the enterprise, and the risk mitigation strategies against known and prospective vulnerabilities. Granting access on an individual-by-individual basis has lately proven to be the tightest and most tailored security approach.
However, this approach brings maintenance challenges that the enterprise's management has to handle carefully. Separation of duties (SoD) facilitates such individual-to-individual security settings. SoD supports regulatory compliance, the management of security and data in an organization, data access management and the effective operation of Enterprise Resource Planning (ERP) systems (Deloitte Development LLC, 2007). Furthermore, management is obliged to implement access governance that addresses who has access to what and how those who have been granted access are using that right.
As a consultant, I urge Riordan Manufacturing Company to employ a role assignment strategy that ensures separation of duties among its workers, thereby safeguarding its data. First, this will greatly mitigate the access risks posed by employees, malicious third parties or a contractor who may have obtained fraudulent access. Moreover, the company will be in a position to provide credible evidence, especially to its auditors, of who was assigned access, how and why, in each of its departments and in the environment at large (Coleman, 2008).
Role assignment will empower Riordan's management to make critical and comprehensive decisions not only on the type of access but also on the level of access to be assigned to each department's employees and to the company as a whole. Role assignment based on employees' areas of specialization helps management classify workers into the various departments and designate a department head who is in charge of all the departmental data. This boosts accountability and data protection, since access has been narrowed.
Moreover, it cuts costs, not only for implementation but also for the unforeseen incidents associated with unwarranted data access. Access certification also becomes more flexible and less costly, since roles and user populations have already been segmented. In addition, separation of duties ensures that there are no disputes among employees arising from conflicting responsibilities. As a result, the company will attain its stated goals and objectives within a shorter time span (Coleman, 2008).
Segregation of duties helps, to a great extent, to detect errors and prevent fraud within organizations, especially when dealing with data related to financial transactions. Implementing this strategy will ensure that no individual employee of Riordan Manufacturing Company, in any of the company's departments, holds enough authority to complete a sensitive transaction alone, which would otherwise give him or her the opportunity to carry out deceptive data manipulation. Role assignment will also ensure that the entitlements and responsibilities that make up even the small organizational steps are not performed by a single person.
In addition, fraud deterrence will succeed because related jobs are not combined in the hands of the same member of staff (Swanson & Guttman, 1996). Through this, the company will be able to trace an individual worker's violation that poses a threat to the company's data. Duty separation also maintains continuity of the company's activities, since a part or department of the company facing a data threat will hardly affect the operations of the others. Moreover, making data security changes, such as password resets, becomes less complicated.
Since some information is vital to the company and is relevant only to specific departments, segregation makes it easy for the company to communicate only the relevant data to each department. Besides, some information vital to the running of the business ought to be kept confidential and known only to top management. Consequently, duty separation ensures that not all department heads or other employees have access to this data, so its confidentiality is assured and its integrity is preserved.
By adopting role assignment, the company will first ensure that there is no duplication of work or data. This saves on the cost of production and service provision. Moreover, since each worker is authorized to access only the data in his or her field of operation, no single user has the privilege to enter another's area; as a result, no information can be manipulated by an unauthorized person, and access becomes adequately monitored. Each worker's activities are mutually exclusive of the others'.
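One way to make the rules above checkable (no employee holds conflicting duties, no user acts outside his or her own area, and an individual's violation can be traced from the record) is a small role model with static separation-of-duties constraints plus a check over an action log. The following is an added example, not code from the original essay or from Riordan Manufacturing; the role names, permissions, users, transaction identifiers and log entries are constructed for illustration, since the page names none of Riordan's actual roles or approval workflow.

```python
"""Separation-of-duties (SoD) checks over a role assignment and an action log.

Added example, not part of the original essay. Role names, permissions,
users and log entries are constructed; the page does not describe
Riordan's real roles or approval workflow.
"""
from collections import defaultdict
from itertools import combinations

# Each role grants a narrow set of permissions (constructed sample).
ROLE_PERMISSIONS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_approver": {"invoice.approve", "payment.release"},
    "hr_admin": {"employee.create", "payroll.edit"},
    "payroll_approver": {"payroll.approve"},
    "backup_operator": {"backup.run", "backup.restore"},
    "sys_admin": {"user.create", "role.assign"},
}

# Static SoD constraint: a user may hold at most one role of each pair.
EXCLUSIVE_ROLES = {
    frozenset({"ap_clerk", "ap_approver"}),
    frozenset({"hr_admin", "payroll_approver"}),
    frozenset({"sys_admin", "backup_operator"}),
}

# Permission pairs that must never be exercised by one person on one
# transaction, whatever roles that person currently holds.
TOXIC_PERMISSION_PAIRS = {
    frozenset({"invoice.enter", "invoice.approve"}),
    frozenset({"vendor.create", "payment.release"}),
}


def assignment_violations(assignments):
    """Return (user, role_a, role_b) for every exclusive pair a user holds."""
    found = []
    for user, roles in sorted(assignments.items()):
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in EXCLUSIVE_ROLES:
                found.append((user, a, b))
    return found


def can_assign(assignments, user, role):
    """True if granting `role` to `user` creates no exclusive-pair conflict."""
    held = assignments.get(user, set())
    return not any(frozenset({role, r}) in EXCLUSIVE_ROLES for r in held)


def effective_permissions(assignments, user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in assignments.get(user, ()):
        perms |= ROLE_PERMISSIONS[role]
    return perms


def unauthorized_actions(assignments, log):
    """Log entries (txn, user, permission) outside the user's own arena."""
    return [
        (txn, user, perm)
        for txn, user, perm in log
        if perm not in effective_permissions(assignments, user)
    ]


def log_violations(log):
    """Transactions on which one actor exercised a toxic permission pair.

    This is the detective control: it catches SoD breaches even when a
    permission was granted outside the normal process or the role table
    was tampered with, and names the individual responsible.
    """
    exercised = defaultdict(set)  # (txn, user) -> permissions used
    for txn, user, perm in log:
        exercised[(txn, user)].add(perm)
    hits = []
    for (txn, user), perms in exercised.items():
        for pair in TOXIC_PERMISSION_PAIRS:
            if pair <= perms:
                hits.append((txn, user, tuple(sorted(pair))))
    return sorted(hits)


# Constructed role assignment: carol holds a conflicting pair.
ASSIGNMENTS = {
    "alice": {"ap_clerk"},
    "bob": {"ap_approver"},
    "carol": {"hr_admin", "payroll_approver"},
    "dave": {"backup_operator"},
}

# Constructed action log: (transaction id, actor, permission exercised).
LOG = [
    ("INV-1001", "alice", "invoice.enter"),
    ("INV-1001", "bob", "invoice.approve"),
    ("INV-1002", "alice", "invoice.enter"),
    ("INV-1002", "alice", "invoice.approve"),  # alice approved her own entry
    ("INV-1003", "bob", "vendor.create"),       # bob created the vendor...
    ("INV-1003", "bob", "payment.release"),     # ...and released the payment
]

if __name__ == "__main__":
    print("conflicting role holders:", assignment_violations(ASSIGNMENTS))
    print("may alice become ap_approver?", can_assign(ASSIGNMENTS, "alice", "ap_approver"))
    print("actions outside own arena:", unauthorized_actions(ASSIGNMENTS, LOG))
    print("toxic pairs exercised:", log_violations(LOG))
```

`can_assign` is the preventive control applied at grant time; `unauthorized_actions` and `log_violations` are the detective controls that give auditors the who, how and why of an access event after the fact. In a real deployment the exclusive-role and toxic-permission tables would be derived from the company's own process map rather than the placeholders used here.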
Apart from eliminating data and task duplication, separation of duties curbs emerging conflicts of interest among workers. Duty separation through the assignment of roles also plays a creditable role in providing data backups, because Riordan's workers will no longer assume that the administrator alone is responsible for backups. These backups, in the form of tapes, preserve each department's information and are reliable in cases where the company's main backup fails (Gregg et al., 2008).

References

Coleman, K. (2008). The Key to Data Security: Separation of Duties. Computerworld. Retrieved 3 August 2010 from http://www.computerworld.com/s/article/9113647/The_key_to_data_security_Separation_of_duties

Deloitte Development LLC. (2007). Segregation of Duties: Business Considerations.

Gregg, J., Nam, M., Northcutt, S. & Pokladnik, M. (2008). Separation of Duties in Information Technology. SANS Technology Institute. Retrieved 3 August 2010 from http://www.sans.edu/resources/securitylab/it_separation_duties.php

Swanson, M. & Guttman, B. (1996). Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST Special Publication 800-14). Gaithersburg, MD: National Institute of Standards and Technology.