It is a violation of the “separation of duties” principle when which of the following individuals access the software
on systems implementing security?

A.
security administrator

B.
security analyst

C.
systems auditor

D.
systems programmer

Explanation:
Reason: The security administrator, security analysis, and the system auditor need access to portions of the
security systems to accomplish their jobs. The system programmer does not need access to the working (AKA:
Production) security systems.
Programmers should not be allowed to have ongoing direct access to computers running production systems
(systems used by the organization to operate its business). To maintain system integrity, any changes they
make to production systems should be tracked by the organization’s change management control system.
Because the security administrator’s job is to perform security functions, the performance of non-security tasks
must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing
their authority by taking actions outside of their assigned functional responsibilities.
Incorrect Answers:
A: The security administrator needs to access the software on systems implementing security to perform his job
function.
B: The security analyst needs to access the software on systems implementing security to perform his job
function.
C: The systems auditor needs to access the software on systems implementing security to perform his job
function.