Separation of Duties

Learn the importance of dividing duties among an organization’s employees.

Overview

Separation of duties is similar to least privilege except that the separation of duties focuses on distributing permissions among more than one person.

The insider threat

To protect against the insider threat, permissions should be designed so that no individual has access to everything. Excessive privileges can give individuals the opportunity to commit end-to-end fraud. We prevent this by creating logical barriers between systems and functionality in the form of a secure permissions design.

Example of an insurance company

Let’s look at a hypothetical insurance company’s IT systems. To reduce the chance of fraud being committed by an employee, separation of duties should be used to prevent the same person from being able to create a new insurance policy and then file a claim against that policy. Being able to do both of these things would give an employee the ability to commit insurance fraud.

Get hands-on with 1400+ tech skills courses.