"This control works in finance, and it will work in information security," writes Kevin Coleman at Computerworld.
Separation of duties (SoD) is widely known in the financial world. The key concept is dividing the tasks, and the privileges that go with them, for a security-critical process among multiple people, so that no single person can carry the whole process through alone.
"Separation of duties is a common policy when people are handling money so that fraud requires collusion of two or more parties. This greatly reduces the likelihood of crime. Information should be handled in the same way. It is therefore imperative that an organization be designed so that no person acting alone can compromise security controls."
"There is an easy test for separation of duties. First, ask if any one person can alter or destroy your financial data without being detected. Then ask if any one person can steal or exfiltrate sensitive information. Finally, ask if any one person has influence over controls design and implementation as well as over reporting of the effectiveness of the controls. If the answer to any of these questions is yes, then you need to take a hard look at the separation of duties."
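One way to turn that three-question test into a repeatable check is to express each question as a "toxic combination" of entitlements and run it against role assignments, resolving nested roles so that inherited privileges are not missed. The block below is an added example, not code from Coleman's article or from Computerworld; the role, entitlement and user names are constructed, and the rules are assumptions: the first, third and fourth map the three questions onto entitlement pairs (a person who can write the ledger and delete the audit log can alter data undetected; one who can export sensitive data and disable DLP can exfiltrate; one who designs controls and reports on their effectiveness assesses their own work), and the second is the classic finance maker/checker rule.

```python
"""Added example: a separation-of-duties (SoD) check over role assignments.

Turns the three questions in the quoted test into "toxic combinations" of
entitlements, resolves each user's effective entitlements through nested
roles, and flags any single identity that holds a full combination.
All role, entitlement and user names below are constructed for illustration.
"""

# Roles grant entitlements directly and may include other roles (assumed model).
ROLES = {
    "ap_clerk":       {"grants": {"ledger:write"},                          "includes": set()},
    "ap_manager":     {"grants": {"ledger:approve"},                        "includes": {"ap_clerk"}},
    "log_admin":      {"grants": {"auditlog:delete"},                       "includes": set()},
    "control_owner":  {"grants": {"controls:design", "controls:implement"}, "includes": set()},
    "control_tester": {"grants": {"controls:report"},                       "includes": set()},
    "dlp_admin":      {"grants": {"dlp:disable"},                           "includes": set()},
    "analyst":        {"grants": {"sensitive:export"},                      "includes": set()},
}

# Assumed rules: an identity holding every entitlement in a set can act alone,
# without detection or independent review.
TOXIC_COMBINATIONS = [
    ("alter or destroy financial data undetected",  {"ledger:write", "auditlog:delete"}),
    ("approve own ledger entries",                  {"ledger:write", "ledger:approve"}),
    ("exfiltrate sensitive data with DLP disabled", {"sensitive:export", "dlp:disable"}),
    ("design and self-assess controls",             {"controls:design", "controls:report"}),
]


def effective_entitlements(role, roles=ROLES, _seen=None):
    """Entitlements granted by a role, including nested roles (cycle-safe)."""
    _seen = set() if _seen is None else _seen
    if role in _seen or role not in roles:
        return set()
    _seen.add(role)
    result = set(roles[role]["grants"])
    for inner in roles[role]["includes"]:
        result |= effective_entitlements(inner, roles, _seen)
    return result


def user_entitlements(assignments, user, roles=ROLES):
    """Union of effective entitlements across all of a user's roles."""
    ent = set()
    for role in assignments.get(user, ()):
        ent |= effective_entitlements(role, roles)
    return ent


def find_sod_violations(assignments, roles=ROLES, rules=TOXIC_COMBINATIONS):
    """Return sorted (user, rule_label) pairs for every toxic combination one user holds alone."""
    violations = []
    for user in assignments:
        ent = user_entitlements(assignments, user, roles)
        for label, needed in rules:
            if needed <= ent:  # the user holds every entitlement the rule names
                violations.append((user, label))
    return sorted(violations)


# Constructed assignments for a sample run.
SAMPLE_ASSIGNMENTS = {
    "alice": {"ap_clerk", "log_admin"},           # writes the ledger and can erase the trail
    "bob":   {"ap_manager"},                      # inherits ledger:write via ap_clerk
    "carol": {"control_owner", "control_tester"}, # designs and reports on the same controls
    "dave":  {"analyst"},                         # export alone is not a violation here
    "erin":  {"analyst", "dlp_admin"},
}

if __name__ == "__main__":
    for user, label in find_sod_violations(SAMPLE_ASSIGNMENTS):
        print(f"{user}: {label}")
```

Running it flags alice, bob, carol and erin and leaves dave alone; bob is the case worth noticing, since nothing in his direct role grants `ledger:write`, and a check that looked only at directly assigned entitlements would miss him. In a real identity system the rules and role graph come from the IAM or GRC platform, but the shape of the check is the same.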
According to Coleman, there are five primary options for achieving separation of duties in information security; the full list is in his Computerworld article.