[CCCure CISSP] Question


cissp_student_01
Hello All,

I have a question.
q) Management has approached you and you have to explain how they can prevent collusion within the organization.
What should you tell them?

a) separation of duties
b) least privilege
c) mandatory vacation
d) job rotation

I chose a) separation of duties, because two or more people have to join in order to commit a fraud.

But the answer is job rotation; they say that two or more people will not have sufficient time to collaborate and create a trust relationship.


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Re: [CCCure CISSP] Question

Ali Khalfan
I agree with job rotation... separation does not prevent collusion since two people can still coordinate... Mandatory vacation might prevent it, but job rotation is clearly the best answer.

On 15 February 2014, 5:39:11 PM GMT+03:00, abid James <[hidden email]> wrote:

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [CCCure CISSP] Question

clementdupuis
Administrator
In reply to this post by cissp_student_01
Good day,

This is correct; the keyword within the question is: prevent.

Separation of duties and least privilege do not PREVENT collusion; in fact, it is the opposite. Collusion usually takes place within environments where there is proper separation of duties and minimum privileges in use. Otherwise there would be no need to collude: if I have too much permission, I already have privilege to all of the data or systems.

You really have only two choices left. Being on leave may temporarily stop it, but the best answer is definitely job rotation. A new person with high ethical values coming in will not bend their ethics to commit collusion and would report anyone attempting to collude with them. Job rotation also provides cross training, where more than one person can do the job.

Job rotation is the best choice.

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com


901 N. Pitt Street, Suite 105
Alexandria, VA  22314


In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------


On Sat, Feb 15, 2014 at 9:39 AM, abid James <[hidden email]> wrote:
Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
Re: [CCCure CISSP] Question

Marouane
I totally agree with you, Clement, and the other folks.

To better understand the question, first try to define what collusion really means. The simple answer is that two or more people are coming together to do something "bad".

So the answer becomes really simple, and maybe you can remember it this way:

"Separation of Duties FORCES collusion, while Job Rotation PREVENTS collusion."

"FORCE" can be the opposite of "PREVENT".

Hope this helps.

Cheers,

Marouane



On Sat, Feb 15, 2014 at 9:50 AM, Clement Dupuis <[hidden email]> wrote:
Re: [CCCure CISSP] Question--separation of duties

cissp_student_01
In reply to this post by clementdupuis
Clement,

Separation of duties: a bank teller can clear a check for $1000. However, if it is more than $1000 it has to go through a supervisor; that is separation of duties. In this scenario we are preventing fraud from happening.
Collusion means that if the bank teller and the supervisor join together to commit a fraud, then it is collusion, right?

I still did not understand why you chose job rotation. My understanding of job rotation is that it is an administrative preventative control. If one person is working in one position for a longer time, there are possible chances that he can commit a fraud which we will not know about. If job rotation is implemented, we can have another person review his work and detect the fraud.

Please explain.


From: [hidden email]
Date: Sat, 15 Feb 2014 09:50:17 -0500
To: [hidden email]
Subject: Re: [CCCure CISSP] Question

Re: [CCCure CISSP] Question--separation of duties

clementdupuis
Administrator
Good day Abid,

Good example, but it is not exact.

In your example you're managing the risk by implementing a countermeasure (SoD) that will bring the risk level down to an acceptable level. However, there is still a chance that fraud could happen if the supervisor and the clerk work in collusion with each other. It would NOT prevent such an attack. Yes, you reduce the likelihood and, by the same token, the level of risk, but the risk is still there.

This is correct: if the clerk and the manager work as a pair to commit fraud, then it is collusion.

A lock on a door prevents someone from entering the building. Allowing only authorized users within your systems prevents intruders from accessing the system. However, there are other factors to consider: if the door has a glass window (weakness), then the potential intruder could break it and get in. If the system using strict user account management has bad quality software (weakness), then an injection attack or buffer overflow could be attempted.

Remember, risk free does not exist.

Once again, it is not whether a choice applies or not. Controls are very tricky; some of them will fall within more than one category and will act in different ways. You have more than one valid choice, but you must find which one, according to the question, would be the BEST choice.

Best regards

Clement






On Sun, Feb 16, 2014 at 9:38 AM, abid James <[hidden email]> wrote:
Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
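As an added illustration of the point in Clement's reply above (example code written for this page, not anything from the thread or from CCCure): the bank-teller rule from Abid's example written as a separation-of-duties gate, plus a detective check run over a constructed approval log. The gate rejects a teller countersigning his own above-limit check, but two distinct people who agree to act together pass it, which is why the second function looks for the standing teller/supervisor pair after the fact. The $1000 limit comes from the thread; the names, amounts and log are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Limit from the thread's bank-teller example: a teller may clear up to this alone.
TELLER_LIMIT = 1000


@dataclass(frozen=True)
class Clearance:
    """One check clearance as it would appear in an approval log (constructed shape)."""
    check_id: str
    amount: int
    teller: str
    approver: Optional[str] = None  # supervisor who countersigned, if any


def sod_allows(c: Clearance) -> bool:
    """Separation-of-duties gate for the scenario.

    At or below TELLER_LIMIT the teller acts alone. Above it, a countersignature
    is required and it must come from someone other than the teller. Note what
    this does and does not do: it blocks one person acting alone, but two
    distinct people who agree to act together pass it. That is the collusion
    case the thread discusses, and no tweak of this rule removes it.
    """
    if c.amount <= TELLER_LIMIT:
        return True
    return c.approver is not None and c.approver != c.teller


def suspicious_pairs(log: List[Clearance], min_count: int = 3) -> Dict[Tuple[str, str], int]:
    """Detective control that complements the preventive gate above.

    Counts how often the same teller/approver pair clears above-limit checks
    that the gate accepted. A pair seen at least min_count times is returned
    for review; a standing pair is exactly the trust relationship that job
    rotation is meant to break up.
    """
    pairs = Counter(
        (c.teller, c.approver)
        for c in log
        if c.amount > TELLER_LIMIT and sod_allows(c)
    )
    return {pair: n for pair, n in pairs.items() if n >= min_count}


# Constructed sample log; names and amounts are made up for the illustration.
SAMPLE_LOG = [
    Clearance("c1", 500, "teller_a"),                # under limit, no approver needed
    Clearance("c2", 2500, "teller_a", "teller_a"),   # self-countersigned: gate rejects
    Clearance("c3", 2500, "teller_a", "sup_x"),      # properly countersigned
    Clearance("c4", 4000, "teller_a", "sup_x"),
    Clearance("c5", 3200, "teller_a", "sup_x"),      # same pair a third time
    Clearance("c6", 1800, "teller_b", "sup_y"),
    Clearance("c7", 1500, "teller_a"),               # over limit, no approver: gate rejects
]


if __name__ == "__main__":
    for c in SAMPLE_LOG:
        print(c.check_id, c.amount, "allowed" if sod_allows(c) else "rejected")
    print("pairs to review:", suspicious_pairs(SAMPLE_LOG))
```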
Re: [CCCure CISSP] Question--separation of duties

cissp_student_01
Thanks Clement for the reply. Now the question I have is: why do we use job rotation?

My understanding about job rotation is that it is an administrative detective control. A person is in a position for a long time. However, we bring another person in to uncover or detect what he has done.


From: [hidden email]
Date: Sun, 16 Feb 2014 10:37:39 -0500
To: [hidden email]
Subject: Re: [CCCure CISSP] Question--seperation of duties

Re: [CCCure CISSP] Question--separation of duties

clementdupuis
Administrator
Good day Abid,

Job rotation is not a common mechanism within low security environments. However, it is always used within very secure environments such as the Department of Defense and other very secure environments.

Job rotation is documented on paper, but there is more to it. You have resources and assets (your employees) being moved around. If I move an employee from one job to another job, I may have removed the threat if the employee is a disgruntled employee who was stealing data or abusing the company's resources. You have mostly removed the threat.

That would be a permanent solution, compared with vacation, which would be a temporary solution.

Best regards

Clement


On Sun, Feb 16, 2014 at 11:21 AM, abid James <[hidden email]> wrote:
Thanks Clement for the reply.  Now the question i have is why do we use job rotation.

My understanding about job rotation is administrative detective control.  A person  is in  a position for long time. However, we bring another person to uncover or detect what he has done.


From: [hidden email]
Date: Sun, 16 Feb 2014 10:37:39 -0500
To: [hidden email]
Subject: Re: [CCCure CISSP] Question--seperation of duties


Good day Abid,

Good example, but it is not exact.

In your example you're managing the risk by implementing a countermeasure (SOD) that will bring the risk level down to an acceptable level. However, there is still a chance that fraud could happen if the supervisor and the clerk work in collusion with each other. It would NOT prevent such an attack. Yes, you reduce the likelihood and by the same token the level of risk, but the risk is still there.

This is correct: if the clerk and the manager work as a pair to commit fraud, then it is collusion.

A lock on a door prevents someone from entering the building. Allowing only authorized users within your systems prevents intruders from accessing the system. However, there are other factors to consider: if the door has a glass window (weakness) then the potential intruder could break it and get in. If the system using strict user account management has bad quality software (weakness) then an injection attack or buffer overflow could be attempted.

Remember, risk free does not exist.

Once again, it is not whether a choice applies or not. Controls are very tricky; some of them will fall within more than one category and will act in different ways. You have more than one valid choice, but you must find which one, according to the question, would be the BEST choice.

Best regards

Clement






On Sun, Feb 16, 2014 at 9:38 AM, abid James <[hidden email]> wrote:
Clement,

Separation of duties. If a bank teller can clear a check for $1000, but if it is more than $1000 it has to go through a supervisor, that is separation of duties. In this scenario we are preventing fraud from happening.
Collusion means if the bank teller and supervisor join together to commit a fraud, then it is collusion -- right?

I still did not understand why you chose job rotation. As for us, my understanding of job rotation is that it is an administrative preventative control. If one person is working in one position for a longer time there are possible chances that he can commit a fraud which we will not know about. If job rotation is implemented we can have another person review his work and detect fraud.

Please explain.


From: [hidden email]
Date: Sat, 15 Feb 2014 09:50:17 -0500
To: [hidden email]
Subject: Re: [CCCure CISSP] Question

Good day,

This is correct, the keyword within the question is: prevent

Separation of duties and least privilege do not PREVENT collusion; in fact it is the opposite. Collusion usually takes place within environments where there is proper separation of duties and minimum privileges being used. Else there would be no need to collude if I have too much permission and I have privilege to all of the data or system.

You really have only two choices left. Being on leave may temporarily stop it but the best answer is definitely Job Rotation. A new person with high ethical values coming in will not bend their ethics to commit collusion and would report anyone attempting to collude with them. Job rotation also provides cross training where more than one person can do the job.

Job rotation is the best choice

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com


901 N. Pitt Street, Suite 105
Alexandria, VA  22314


In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home



On Sat, Feb 15, 2014 at 9:39 AM, abid James <[hidden email]> wrote:
Hello All,

I have a question.
q) Management has approached you and you have to explain how they can prevent collusion within the organization.
What should you tell them?

a) separation of duties
b) least privilege
c) mandatory vacation
d) job rotation

I chose a) separation of duties because 2 or more people have to join in order to commit a fraud.

But the answer is job rotation; they say that two or more people will not have sufficient time to collaborate and create a trust relationship.


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
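The teller/supervisor example from the thread, as an added illustration that is not from the thread or its participants: a separation-of-duties check on cheque clearance plus a detective check over a constructed approval log. It shows that any distinct teller/supervisor pair satisfies SoD (so two colluding people pass it), while the same pair recurring on above-limit cheques is the pattern job rotation or mandatory vacation is meant to break up. The $1000 limit is from the thread; the names and log entries are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TELLER_LIMIT = 1000  # the thread's threshold: a teller alone may clear up to this


@dataclass(frozen=True)
class Clearance:
    cheque_id: str
    amount: int
    teller: str
    supervisor: Optional[str]  # None when no second approver was recorded


def sod_allows(c: Clearance) -> bool:
    """Separation-of-duties rule from the thread's example: above the limit a
    supervisor distinct from the teller must approve. Any distinct pair
    satisfies it, which is why two colluding people still pass this check."""
    if c.amount <= TELLER_LIMIT:
        return True
    return c.supervisor is not None and c.supervisor != c.teller


def recurring_pairs(log: List[Clearance], min_count: int = 3) -> Dict[Tuple[str, str], int]:
    """Detective check: how often does the same teller/supervisor pair clear
    above-limit cheques? A pair that always appears together is what job
    rotation or mandatory vacation is meant to break up, so flag it for review."""
    pairs = Counter(
        (c.teller, c.supervisor)
        for c in log
        if c.amount > TELLER_LIMIT and sod_allows(c)
    )
    return {pair: n for pair, n in pairs.items() if n >= min_count}


# Constructed sample approval log (not from the thread); names are hypothetical
SAMPLE_LOG = [
    Clearance("c1", 500, "alice", None),        # under limit, teller alone is fine
    Clearance("c2", 2500, "alice", "bob"),
    Clearance("c3", 4000, "alice", "bob"),
    Clearance("c4", 3000, "alice", "bob"),      # same pair a third time
    Clearance("c5", 1500, "carol", "dave"),
    Clearance("c6", 2000, "carol", "carol"),    # self-approval: SoD violation
    Clearance("c7", 1200, "erin", None),        # no supervisor: SoD violation
]

if __name__ == "__main__":
    print("recurring above-limit pairs:", recurring_pairs(SAMPLE_LOG))
```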

Re: [CCCure CISSP] Question

Nandj
In reply to this post by clementdupuis
Absolutely Clement...
 
What will be the most correct choice if the same question is asked in the investigation phase as a detective control...?
 
 
Thanks in advance.
Nand J.

 