Page 1133 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
make an environment less dependent on any single individual.
Job rotation can act as both a deterrent and a detection mechanism. If employees know that someone else will be taking over their job responsibilities at some point in the future, they are less likely to take part in fraudulent activities. If they choose to do so anyway, the individuals taking over the job responsibilities later are likely to discover the fraud.
Mandatory Vacations
Many organizations require employees to take mandatory vacations in one-week or two-week increments. This provides a form of peer review and helps detect fraud and collusion. This policy ensures that another employee takes over an individual’s job responsibilities for at least a week. If an employee is involved in fraud, the person taking over the responsibilities is likely to discover it.
Mandatory vacations can act as both a deterrent and a detection mechanism, just as job rotation policies can. Even though someone else will take over a person’s responsibilities for just a week or two, this is often enough to detect irregularities.
Financial organizations are at risk of significant losses from fraud by employees. They often use job rotation, separation of duties and responsibilities, and mandatory vacation policies to reduce these risks. Combined, these policies help prevent incidents and help detect them when they occur.
Privileged Account Management
Privileged account management ensures that personnel do not have more privileges than they need and that they do not misuse these privileges. Special privilege operations are activities that require special access or elevated rights and permissions to perform many administrative and sensitive job tasks. Examples of these tasks include creating new user accounts, adding new routes to a router table,
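The two halves of privileged account management described above, holding accounts to the privileges they need and watching how special privileges are used, can be checked mechanically against an audit trail. The following is an added example, not code from the study guide or from (ISC)²; the grant table, the operation-to-privilege mapping and the audit events are all constructed for illustration, and the privilege names (account_admin, network_admin) are assumptions.

```python
"""Least-privilege checks over a privileged-operation audit trail (added example)."""
from dataclasses import dataclass

# Which privilege each special-privilege operation requires. The two
# operations are the ones the text names; the privilege labels are assumed.
REQUIRED_PRIVILEGE = {
    "create_user_account": "account_admin",
    "add_route": "network_admin",
}

# Constructed grant table: account -> privileges it has been issued.
GRANTS = {
    "alice": {"account_admin", "network_admin"},  # second grant never used
    "bob": {"network_admin"},
    "carol": set(),                                # ordinary user
}


@dataclass(frozen=True)
class AuditEvent:
    timestamp: str
    actor: str
    operation: str
    target: str


# Constructed audit events, not real log data.
EVENTS = [
    AuditEvent("2024-01-08T09:02:11Z", "alice", "create_user_account", "dave"),
    AuditEvent("2024-01-08T09:15:40Z", "bob", "add_route", "10.20.0.0/16 via 10.0.0.1"),
    AuditEvent("2024-01-08T09:20:05Z", "carol", "add_route", "0.0.0.0/0 via 10.0.0.99"),
    AuditEvent("2024-01-08T09:31:22Z", "bob", "create_user_account", "svc_backup"),
]


def find_violations(events, grants, required=REQUIRED_PRIVILEGE):
    """Return events whose actor does not hold the privilege the operation needs.

    Operations absent from `required` need no special privilege and are skipped.
    Each returned event is a misuse of a special privilege that should be
    investigated: either the account should not be able to do this at all, or
    it was done through a path that bypassed the normal grant.
    """
    violations = []
    for ev in events:
        needed = required.get(ev.operation)
        if needed is None:
            continue
        if needed not in grants.get(ev.actor, set()):
            violations.append(ev)
    return violations


def unused_privileges(events, grants, required=REQUIRED_PRIVILEGE):
    """Return {account: privileges} that were granted but never legitimately exercised.

    Only operations the actor was actually entitled to perform count as use.
    Granted-but-unused privileges are candidates for removal: the account has
    shown it does not need them for its job.
    """
    exercised = {}
    for ev in events:
        needed = required.get(ev.operation)
        if needed is not None and needed in grants.get(ev.actor, set()):
            exercised.setdefault(ev.actor, set()).add(needed)
    result = {}
    for acct, privs in grants.items():
        unused = privs - exercised.get(acct, set())
        if unused:
            result[acct] = unused
    return result


if __name__ == "__main__":
    for ev in find_violations(EVENTS, GRANTS):
        print(f"VIOLATION {ev.timestamp} {ev.actor} performed {ev.operation} on {ev.target}")
    for acct, privs in unused_privileges(EVENTS, GRANTS).items():
        print(f"REVIEW {acct}: granted but unused {sorted(privs)}")
```

Run against the constructed data, the first check flags carol adding a default route without any grant and bob creating an account with only a network privilege; the second check reports that alice's network_admin grant was never exercised and is a candidate for removal. In practice the grant table would be pulled from the directory or PAM system and the events from the audit log, with the same two questions asked of them on a schedule.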