Study sets, textbooks, questions
Upgrade to remove ads
procedural and people security controls
Terms in this set (6)
A system is only secure if
the people using it follow the correct procedures, so people play a critical role in information assurance.
to prevent individuals from becoming too entrenched in a post and ensure that expertise is spread among staff rather than being concentrated in a few individuals.
which can be used to audit staff in sensitive posts while they're away from work; and
is an extension of this which requires two individuals to carry out a single critical task, such as requiring two signatures on cheques over a certain value.
Separation of duties
no individual should be able to carry out all the tasks which might be used to commit a fraud. For example, the person who places an order should not be the one who authorises payment.
Providing access to data and systems within the principle of 'least privilege' and 'need to know'
(which is 'least privilege' applied to information access). Staff should be given adequate privileges to do their jobs but no more;
Other sets by this creator
Governance, Organisation, Law, Regulation and Stan…