Two fundamental elements of internal control are restricted access and segregation of certain key duties. Segregation of duties (SOD) and system access controls are used to prevent fraud and safeguard information assets, intellectual property, personally identifiable information (PII) and protected health information (PHI).

The underlying idea behind SOD is that no employee or group of employees should be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. The principal duties typically outlined as incompatible and which should be segregated are:

  • Custody of assets
  • Authorization or approval of related transactions affecting those assets
  • Recording or reporting of related transactions

In Information Technology (IT), privileges are usually restricted according to user role. With today's evolving technologies, SOD for IT processes is critical to keeping data safe and reliable and to protecting against fraud. A consistent framework should also encompass management duties (e.g., granting or revoking the proper rights to the appointed people, and reporting and managing any exception to the procedures) and governance duties (evaluating, directing and monitoring SOD rules and practices in accordance with corporate governance).

This alternate model folds some of those management duties into the authorization of access grants and segregates them from the other duties.
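The conflict detection the description alludes to can be made concrete. The following is an added example, not material from the course or from Illumeo: it assumes a simplified RBAC model in which each permission is tagged with the asset it touches and with one of the three incompatible duties listed above (custody, authorization, recording), and it uses constructed role and user data. It flags any user whose combined roles cover two of those duties over the same asset, and it lists the role pairs that must never be co-assigned, which is the preventive form of the same check.

```python
"""Segregation-of-duties conflict detection over an RBAC role model.

Added example (not course material). Assumes: each permission carries an
asset label and a Duty; a conflict is two or more duties over the same asset
held by one user. Role names, asset names and user names are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum
from itertools import combinations


class Duty(Enum):
    CUSTODY = "custody"                # physical or logical control of the asset
    AUTHORIZATION = "authorization"    # approving transactions against it
    RECORDING = "recording"            # booking or reporting those transactions


@dataclass(frozen=True)
class Permission:
    asset: str   # constructed asset label, e.g. "payroll"
    duty: Duty


# Constructed sample RBAC data: role -> permissions, user -> roles.
ROLES = {
    "payroll_clerk": {Permission("payroll", Duty.RECORDING)},
    "payroll_approver": {Permission("payroll", Duty.AUTHORIZATION)},
    "vault_custodian": {Permission("cash", Duty.CUSTODY)},
    "cash_ledger": {Permission("cash", Duty.RECORDING)},
    "ap_clerk": {Permission("ap", Duty.RECORDING)},
    "ap_approver": {Permission("ap", Duty.AUTHORIZATION)},
}

USER_ROLES = {
    "alice": {"payroll_clerk", "payroll_approver"},  # records and approves payroll
    "bob": {"vault_custodian", "cash_ledger"},       # holds and records cash
    "carol": {"ap_clerk", "payroll_approver"},       # two duties, but on different assets
    "dave": {"vault_custodian"},                     # a single duty
}


def effective_duties(user, user_roles=USER_ROLES, roles=ROLES):
    """Return {asset: set(Duty)} for a user, the union over all assigned roles."""
    duties = defaultdict(set)
    for role in user_roles.get(user, ()):
        for perm in roles[role]:
            duties[perm.asset].add(perm.duty)
    return dict(duties)


def sod_conflicts(user, user_roles=USER_ROLES, roles=ROLES):
    """List (asset, duty_a, duty_b) triples where one user holds two
    incompatible duties over the same asset. Duties over different assets
    are not flagged: the incompatibility is per asset."""
    conflicts = []
    for asset, duties in effective_duties(user, user_roles, roles).items():
        for a, b in combinations(sorted(duties, key=lambda d: d.value), 2):
            conflicts.append((asset, a, b))
    return conflicts


def audit_all(user_roles=USER_ROLES, roles=ROLES):
    """Detective control: {user: conflicts} for every user with a conflict."""
    report = {}
    for user in sorted(user_roles):
        found = sod_conflicts(user, user_roles, roles)
        if found:
            report[user] = found
    return report


def role_pair_conflicts(roles=ROLES):
    """Preventive control: pairs of roles that must never be co-assigned,
    because together they cover two duties over one asset."""
    toxic = []
    for r1, r2 in combinations(sorted(roles), 2):
        by_asset = defaultdict(set)
        for perm in roles[r1] | roles[r2]:
            by_asset[perm.asset].add(perm.duty)
        if any(len(d) > 1 for d in by_asset.values()):
            toxic.append((r1, r2))
    return toxic


if __name__ == "__main__":
    for user, found in audit_all().items():
        for asset, a, b in found:
            print(f"{user}: {a.value} + {b.value} on {asset}")
    print("toxic role pairs:", role_pair_conflicts())
```

The role-pair check is the one to wire into the provisioning workflow (refuse or escalate the grant before it lands), while the per-user audit is what a periodic access review runs over the live role assignments; where a business unit is too small to separate the duties, the audit output is the list of users who need a compensating control such as independent review of their transactions.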

Learning Objectives

  • Explore the basic tenets of segregation of duties (SOD) as it relates to information technology (IT) processes.
  • Identify user categories for segregation of duties (SOD) related to information technology (IT).
  • Explore role based access controls (RBAC).
  • Discover methods to “scope” IT SOD through scoping of:
    • Assets as boundaries
    • Processes as boundaries
    • Identify the criticality of mapping activities with duties
    • Evaluation of systems and applications
    • Detecting conflicts that may arise
  • Discover the National Institute of Standards and Technology (NIST) categories of RBAC.
Last updated/reviewed: November 21, 2019

4 Reviews (26 ratings)

Rating: 4, Anonymous Author
Great concise course over SoD and role based access provisioning methods and the mitigating controls structures. I would recommend this course for any entry level IT associate.

Rating: 5, Anonymous Author
Test is poorly written based on materials for this course. I would suggest a re-write as this was not representative of the materials and the concepts.

Rating: 5, Anonymous Author
Good course review for IT personnel and intro for new IT personnel.

Rating: 4, Anonymous Author
Final exam didn't seem to fully correspond with covered material.

Prerequisites

Course Complexity:

No advanced preparation or prerequisites are required for this course.

Education Provider Information

Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .
Course Syllabus
INTRODUCTION AND OVERVIEW
  5:24 Introduction to Role Based Access Information Technology Controls and Segregation of Duties
  17:51 SOD Basic Tenets & Role Based Access Control
  3:33 Designations of RBAC
  6:25 Implementing RBAC
  9:31 RBAC vs. ACLs & User Categories
  8:28 Benefits of RBAC
  7:05 Specific SOD
  2:05 Summary
CONTINUOUS PLAY
  1:00:22 Introduction to Role Based Access Information Technology Controls and Segregation of Duties
SUPPORTING MATERIALS
  PDF: Slides: Introduction to Role Based Access Information Technology Controls and Segregation of Duties
  PDF: Introduction to Role Based Access Information Technology Controls and Segregation of Duties Glossary/Index
REVIEW AND TEST
  Quiz: REVIEW QUESTIONS
  Exam: FINAL EXAM