{"id":3212,"date":"2020-10-31T04:00:07","date_gmt":"2020-10-31T08:00:07","guid":{"rendered":"http:\/\/community.mis.temple.edu\/itacs5121fall16\/?p=3212"},"modified":"2018-12-07T12:12:07","modified_gmt":"2018-12-07T17:12:07","slug":"week-9-security-user-management-segregation-of-duties-sod","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/2020\/10\/31\/week-9-security-user-management-segregation-of-duties-sod\/","title":{"rendered":"Week 9: Security: User Management, Segregation of Duties (SOD)  Wrap-up"},"content":{"rendered":"<p>Continuing great job on the discussions &#8211; I enjoy your thoughtfulness and depth in answering. \u00a0I trust the questions help you explore and understand topics being discussed in a given week.<br \/>\nYou raised most of\u00a0the important\u00a0points but let me summarize my view.<\/p>\n<p><strong>Q1<\/strong>: What is segregation of duties (SOD) and why is it a commonly used control? \u00a0&#8211; We discussed this topic in class. \u00a0Great examples of IT roles that should be segregated (e.g. development from DBA, development and security, development\u00a0and\u00a0move code, developers\u00a0not in\u00a0production system, development from\u00a0audits). \u00a0We&#8217;ll discuss controls related to development more thoroughly in future classes.<\/p>\n<p><strong>Q2<\/strong>: Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? \u00a0You nailed the core issue &#8211; ERP systems are large and complex. \u00a0Therefore the security is also large and complex &#8211; especially when there are complex requirements (many people needing broad\u00a0access).<\/p>\n<p><strong>Q3<\/strong>: What are Key competencies of person responsible for security? \u00a0I like the terms you chose. 
\u00a0Specifically: Skepticism and\u00a0curiosity<br \/>\nFunctional Knowledge &#8211; critical to effectively make decisions<br \/>\nDecision making &#8211; to which I would add good judgement.<br \/>\nData analytic &#8211; I call this basic smarts. \u00a0Security is highly complex and requires strong cognitive skills.<\/p>\n<p><strong>Q4<\/strong>: Companies are dynamic entities. Best practices for managing system users and their security access? \u00a0You provide many great ideas, including: password policies and procedures, documenting change (more on this in a couple of weeks), periodic user access reviews, least-privilege access, proper management approvals, etc. \u00a0The bottom line is that security, although sometimes viewed as a backroom IT task, requires strong processes to be done well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Continuing great job on the discussions &#8211; I enjoy your thoughtfulness and depth in answering. \u00a0I trust the questions help you explore and understand topics being discussed in a given week. You raised most of\u00a0the important\u00a0points but let me summarize my view. 
Q1: What is segregation of duties (SOD) and why is it a commonly [&hellip;]<\/p>\n","protected":false},"author":22812,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[716552],"tags":[],"class_list":{"0":"post-3212","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-09-it-outsourcing-cloud-computing","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/posts\/3212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/users\/22812"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/comments?post=3212"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/posts\/3212\/revisions"}],"predecessor-version":[{"id":4907,"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/posts\/3212\/revisions\/4907"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/media?parent=3212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5121sec701fall2019\/wp-json\/wp\/v2\/categories?post=3212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/
mis5121sec701fall2019\/wp-json\/wp\/v2\/tags?post=3212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}