A financial services company wants to enforce segregation of duties (SoD) between its application developers and its quality assurance (QA) team. Both teams need to work on the same development server. Which of the following is the MOST effective and efficient method for a security administrator to implement SoD in this scenario?
Require developers to check in their code, which a manager then manually deploys for the QA team.
Implement role-based access control (RBAC) to assign distinct permissions to the developer and QA roles on the server.
Grant both teams administrative privileges but enable a detailed audit log to track all actions.
Procure a second, identical server for the QA team to perform their testing.
The most effective and efficient way to enforce segregation of duties on a shared system is to use logical access controls. Implementing role-based access control (RBAC) lets the administrator define distinct roles for developers and QA testers, each with only the permissions its job function requires. This prevents developers from approving or promoting their own code or from using QA tools, and vice versa, directly on the same machine, without the cost and inefficiency of physical separation. An audit log is a detective control, not a preventive one: relying on it alone leaves both teams able to perform each other's duties and therefore does not enforce SoD. Procuring a separate server is not efficient, and while a manual approval process through a manager is a form of SoD, it is not the most efficient technical control to implement on the server itself.