Exam CS0-002 topic 1 question 283 discussion

Yes I would agree it is separation of duties... so why th does it say segregation of duties...??? If it says segregation of duties for the answer on the test I will be going with D

This one is confusing - Dual control is often seen in organizations that require two signatures for checks over a certain value. here we have a 3rd person when it's over 10k(can still be 2 people as the second person might only be signing for between 5k and 10k ). Segregation is a synonym but not used anywhere on the materials as a control.

Separation of duties = one person writes the cheque, the other person signs it. Dual control = two people are required to sign a cheque. Although they are extremely close, they aren't quite the same thing. Answer is A separation/segregation of duties

Hopefully the exam says "separation of duties" like the book. The Sybex CySA+ study guide v.2 gives an example of Dual Control for writing checks (p.239-240) - this would be if 2 people had to sign each large check TOGETHER. Another example given is a military weapon where two people have to turn their key to enable it. Dual Control is to make sure one person alone isn't making hasty decisions to perform sensitive tasks. These people in the question have different duties.

Dual control typically refers to a control mechanism that requires the involvement of two individuals to complete a specific action or process. However, the number of individuals required for dual control can vary depending on the specific context and requirements of the control mechanism. In some cases, more than two people may be required to implement dual control, especially in situations where the control involves more complex or high-risk activities. Ultimately, the appropriate number of people for dual control depends on the needs and goals of the organization implementing the control.

Wouldn’t this be dual control? They are all doing the same thing, signing the check - and it’s for a single job, sending the check out?

Segregation of duty involves making sure no user has enough privilege on their own to abuse a system. Each user should have a separate role to play in achieving the end result when abuse is possible. The exact scenario in this questions is outlined as such by NIST. https://csrc.nist.gov/glossary/term/separation_of_duty WRONG ANSWERS • B – job rotation is based on segregation of duty, but involves making sure people shift job duties around from time-to-time. It has many benefits, but is not what is being described here. • C – Non-repudiation involves ensuring a sender of information can prove their identity; that is, that their identity can NOT be repudiated (refused or denied). • D – A dual-control is one that is implemented by requiring 2 or more employees to carry out a task. In this case, each person is carrying out a different task.

There is no "segregation" of duties as far as I am aware I have only ever seen "separation" of duties in the Chappel/Seidl CYSA002 study guide as well as in Jason Dions CYSA course.

Since it is more than 2 people for the checks..... 1 to write the check 1 to sign the check 1 more to sign the check over a certain amount.... It is SEPERATION of duties

one person to write a check another person to sign all checks greater than $5.000 an additional signature for checks greater than $10,000 Three people, not two as dual control would be. Answer: A

The control that the organization has implemented is Segregation of Duties. Segregation of duties (SoD) is a security principle that involves separating critical functions or actions among multiple people. This reduces the risk of fraud, errors, or malicious activity by ensuring that no single individual has complete control over a business process. In this case, the organization has separated the tasks of inputting accounts payable and accounts receivable, as well as the tasks of writing and signing checks, and obtaining additional signatures for checks above a certain amount. By doing so, the organization has implemented a segregation of duties control.

The control implemented in the scenario is "Segregation of duties" which is designed to ensure that no single individual has control over all aspects of a financial transaction. In this case, the organization requires that different people be responsible for accounts payable and accounts receivable, as well as for writing and signing checks. This separation of duties helps prevent fraud, errors, or other irregularities by ensuring that no one person has too much control over a financial transaction

this is segregation of duties A.

Dual control is a control where two people are required to take a specific action for a transaction to be considered valid. This control is often used in sensitive transactions, such as financial transactions, to reduce the risk of fraud and errors. In the example provided, the requirement for two people to sign checks greater than $5,000, and an additional signature for checks greater than $10,000, is an example of dual control.