Page 22 - PowerPoint Presentation
description defines the roles to which an employee needs to be assigned to perform their work
tasks. The job description should define the type and extent of access the position requires
on the secured network. Once these issues have been resolved, assigning a security
classification to the job description is standard.
The Importance of Job Descriptions
Job descriptions are important to the design and support of a security solution.
However, many organizations either have overlooked this or have allowed job descriptions to
become stale and out-of-sync with reality. Try to track down your job description. Do you even
have one? If so, when was it last updated? Does it accurately reflect your job? Does it describe
the type of security access you need to perform the prescribed job responsibilities? Some
organizations must craft job descriptions to follow Service Organization Control (SOC) 2, while
others following ISO 27001 require annual reviews of job descriptions.
Important elements in constructing job descriptions that are in line with organizational
processes include separation of duties, job responsibilities, and job rotation.
1. Separation of Duties
A security concept in which critical, significant, and sensitive work tasks are divided
among several individual administrators or high-level operators. It is also a protection
against collusion, which is the occurrence of negative activity undertaken by two or
more people, often for the purposes of fraud, theft, or espionage. (See Figure 2.1)
Figure 2.1 An example of separation of duties related to five admin tasks and seven administrators
2. Job Responsibilities
Specific work tasks an employee is required to perform on a regular basis. To
maintain the greatest security, access should be assigned according to the principle
of least privilege.
3. Job Rotation
Job rotation, or rotating employees among multiple job positions, is simply a means by which an
organization improves its overall security. It serves two functions:
• Multiple employees are capable of performing the work tasks required by
several job positions, thus resulting in less downtime.
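The two checks below put the separation-of-duties idea from Figure 2.1 and the job-rotation coverage point into code. This is an added example, not from the slides: the five task names, the conflicting task pairs, and the seven administrators' assignments are all constructed here, since the figure's actual contents are not reproduced on this page.

```python
"""Separation-of-duties and coverage checker (added example, not from the slides)."""
from itertools import combinations

# Constructed: five admin tasks, mirroring the "five admin tasks" of Figure 2.1.
ADMIN_TASKS = [
    "create_vendor", "approve_payment", "release_payment",
    "manage_user_accounts", "review_audit_logs",
]

# Constructed: task pairs that must never be held by one person, because a
# single holder could complete a sensitive action alone with no second party.
CONFLICTING_PAIRS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"approve_payment", "release_payment"}),
    frozenset({"manage_user_accounts", "review_audit_logs"}),
}

# Constructed: seven administrators and the tasks each may perform (least
# privilege means each gets only the tasks their job description requires).
ASSIGNMENTS = {
    "admin1": {"create_vendor"},
    "admin2": {"approve_payment"},
    "admin3": {"release_payment"},
    "admin4": {"manage_user_accounts"},
    "admin5": {"review_audit_logs"},
    "admin6": {"create_vendor", "review_audit_logs"},
    "admin7": {"manage_user_accounts", "review_audit_logs"},  # SoD violation
}


def sod_violations(assignments, conflicting_pairs):
    """Return (admin, task_a, task_b) for every conflicting pair one admin holds."""
    hits = []
    for admin, tasks in sorted(assignments.items()):
        for a, b in combinations(sorted(tasks), 2):
            if frozenset({a, b}) in conflicting_pairs:
                hits.append((admin, a, b))
    return hits


def single_points_of_control(assignments, tasks):
    """Tasks only one admin can perform: no backup, so rotation/downtime risk."""
    return sorted(t for t in tasks
                  if sum(t in held for held in assignments.values()) == 1)


if __name__ == "__main__":
    print("SoD violations:", sod_violations(ASSIGNMENTS, CONFLICTING_PAIRS))
    print("Single-holder tasks:", single_points_of_control(ASSIGNMENTS, ADMIN_TASKS))
```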
ITEC106 – Systems Security Mr. John Mark L. Dula