Engineering – Telecommunications Engineering
In regards to separation of duties (from your readings), answer the following questions:
Why should duties be segregated?
How can management determine if duties are properly segregated?
What if management has inadequate staff to properly segregate all duties?
Find and share an example (news article online) where separation of duties would have prevented an insider threat from exploiting a system. Describe how you would have prevented this incident.
For this week, you need to respond to 2 of your peers’ initial responses. Your replies need to be more than 1 or 2 sentences to obtain credit for posting. Describe how you agree or disagree with their post. Add to their post, but do not attack their position. In your reply, support how your peer would have prevented the incident they presented, or another method for preventing the insider threat. Be sure to describe your solution. In total, you need to have more than 3 posts (your initial and 2 replies) to receive full credit.
————————————————————————————————
Why should duties be segregated?
Separation of duties is a method to manage conflict of interest. This can be achieved by segregating the roles, responsibilities and privileges for specific security processes among multiple employees.
How can management determine if duties are properly segregated?
Management should verify these points:
Who maintains possession of the asset?
Who authorizes transaction approvals?
Who is responsible to record the transactions into ledger?
What if management has inadequate staff to properly segregate all duties?
If the management has inadequate staff, mitigating controls should be used to decrease risk because there are chances that smaller groups cannot obtain an ideal system. Five employees each performing one of the five different duties.
Find and share an example where separation of duties would have prevented an insider threat from exploiting a system. Describe how you would have prevented this incident.
In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. From what is known about the Target breach, there were multiple factors that led to data loss. Vendors were subject to phishing attacks, network segregation was lacking, point of sale systems were vulnerable to memory scraping malware and detection strategies employed by Target failed.
A possible solution for preventing and mitigating similar breaches using a defense in depth model will be presented using a multi-layered security strategy.
A series of steps were taken by the adversaries to obtain access to the credit card data and retrieve it from Target’s systems. A breakdown in detection further increased data loss. Sources suggest the breach transpired as follows:
Reconnaissance by attackers may have included a Google search that would have supplied a great deal of information about how Target interacts with vendors. Results would have revealed a vendor portal and a list of HVAC and refrigeration companies. This reconnaissance would have also revealed a detailed case study on the Microsoft web site that describes how Target uses Microsoft virtualization software, centralized name resolution and Microsoft System Center Configuration Manager (SCCM), to deploy security patches and system updates.
From this pivot point the attackers could have further infiltrated the network. The specific details are not available but we can speculate that the criminals used the attack cycle described in Mandiant’s APT1 report to find vulnerabilities in the vendor portal and move laterally through the network via back doors, reconnaissance and other vulnerable systems. Common network tools were used to do reconnaissance once inside the network.
While the attack was in progress, monitoring software (FireEye) alerted staff in Bangalore, India. They in turn notified Target staff in Minneapolis but no action was taken.
Reconnaissance
Network Infiltration and Communication
Failure to respond to FireEye alerts
Separation of duties could have prevented this threat.
prevented insiders from having end-to-end system knowledge or access.
prevents access across different network layers.
Separation of duties would have different people monitoring systems than those who have access to make changes to configuration.
Suggestions:
An alternate outcome for the Target scenario was presented with Critical Controls in place. Steps taken by the attackers could have been stopped at many different points during the attack. Segregating the POS systems, end-to-end encryption, inventory of systems and detailed logging would have kept thieves away from credit card data. Proper encryption would have prevented card data from being read in memory. Adequate, well-trained staff with time to appropriately analyze logs would have uncovered the malware and network traffic to mitigate losses had the breach still occurred.
Importance of separation of duties
As the business grows so does the increase in levels of hierarchy of the company. This shows that any task cannot be done by a single individual, if done so that consumes most of the time to complete an operation. So segregation of duties creates an ease in business processes to get the tasks done efficiently and effectively and expose the risks involved in any particular task that are being carried out in any organization by a single employee, i.e., for example, if transaction, billing and closing for a particular task are done by single individual, there is a risk factor involved of that individual exploiting the system and can become unnoticed by any other employee or employer of the company. So any duty should be done by at least more than a single individual so that the errors can be caught and prevent internal fraud in the business. Duties can also be segregated to assure that the transactions are correct, reported with accuracy and are adhering to rules and regulations of the company.
Management and its review to determine proper segregation of duties
Management can record the end results of both prior to separation of duties and post separation of duties and perform a final assessment to determine if duties are properly segregated or not.
Challenges of management having inadequate staff
Not all processes require highly qualified personnel. So, few duties may just be mitigated by imbibing mitigation controls in the system. Duties which can give us a least risk can be reduced by introducing mitigation controls into the system.
Real time scenario and views on it
In May 2013, Edward Snowden’s whistle blowing regarding NSA (National Security Agency) documents can be taken as an example that might have mitigated threat to NSA, if proper prior strategies like segregation of duties are put into its system.
According to ABC news, “Snowden was earlier appointed as a contractor with NSA who managed to download and steal an estimated 1.7 million confidential files”. According to Reuters, International News Agency’s article, Russian President said that “Snowden leaking the secrets is wrong but he is not a traitor”. The leak created direct or indirect knowledge gain among the public regarding the NSA surveillance operations. President Obama then urged to segregate a panel consisting of 5 experts to deal with the issue. The panel prepared 300 page report for the President with 46 recommendations which were far reaching.
To conclude, I would recommend being proactive instead of being reactive to the issue by practising strong internal controls, applying transparency in organizational processes, segregation of duties for all the tasks that are being performed in its operations and implementing employee evaluation practice under scrutiny to avoid internal threats in the organization.
Thank You