ISC2 CISSP Practice Question

Segregation of Duties (SoD) is a security principle that divides critical functions among different individuals to prevent fraud, errors, and abuse by ensuring that no single person has complete control over a transaction or process. By requiring multiple people to be involved in sensitive transactions like initiating, approving, and finalizing a transfer, SoD creates a system of checks and balances, making it significantly more difficult for any single person to commit fraud without collusion.

The other options are incorrect because:

• Defense in depth involves implementing multiple layers of security controls, and while SoD can be one of those layers, it is not the overarching principle of layering itself.
• Least privilege relates to providing the minimum necessary access rights for a user to perform their job functions. While related, it doesn't specifically address the requirement of splitting a single process among multiple people.
• Role-based access control (RBAC) is a method of implementing access control based on job functions. It is a common and effective way to enforce SoD, but SoD is the fundamental principle being applied, not the implementation mechanism.