PrepAway - Latest Free Exam Questions & Answers

Which of the following are functions that are compatible in a properly segregated environment?


A. Data entry and job scheduling

B. Database administration and systems security

C. Systems analyst and application programming

D. Security administration and systems programming

Explanation:
The two most similar jobs are Data Entry and Job Scheduling, so they need not be segregated.

Administrative Management: Administrative management is a very important piece of operational
security. One aspect of administrative management is dealing with personnel issues. This includes
separation of duties and job rotation. The objective of separation of duties is to ensure that one
person acting alone cannot compromise the company’s security in any way. High-risk activities should
be broken up into different parts and distributed to different individuals. This way the company does
not need to place a dangerously high level of trust in certain individuals, and if fraud were to take
place, collusion would be required, meaning more than one person would have to be
involved in the fraudulent activity.

Separation of duties also helps to prevent many different types of
mistakes that can occur if one person performs a task from beginning to end. For
instance, a programmer should not be the one to test her own code. A different person with a
different job and agenda should perform functionality and integrity testing on the programmer’s
code, because the programmer may have a focused view of what the program is supposed to
accomplish and test only certain functions and input values, and only in certain environments.

Another example of separation of duties is the difference between the functions of a computer operator
and the functions of a system administrator. There must be clear-cut lines drawn between system
administrator duties and computer operator duties. This will vary from environment to environment
and will depend on the level of security required within the environment. The system administrators
usually have responsibility for performing backups and recovery procedures, setting permissions,
adding and removing users, setting user clearance, and developing user profiles. The computer
operator, on the other hand, may be allowed to install software, set an initial password, alter desktop
configurations, and modify certain system parameters. The computer operator should not be able to
modify her own security profile, add and remove users globally, or set user security clearance. This
would breach the concept of separation of duties.

Pg 808-809 Shon Harris: All-In-One CISSP Certification Exam Guide
