SSCP Question #221: Real Exam Question with Answer & Explanation
The correct answer is D: systems programmer.
Question
It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?
Options
- A. security administrator
- B. security analyst
- C. systems auditor
- D. systems programmer
Explanation
Reason: The security administrator, security analyst, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems. Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system. Because the security administrator's job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities.