The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database
administrator performing several other job functions within the company. Which of the following is the
BEST method to prevent such activities in the future?

A.
Job rotation

B.
Separation of duties

C.
Mandatory Vacations

D.
Least Privilege

Explanation:
Separation of duties means that users are granted only the permissions they need to do their work and
no more. More so it means that you are employing best practices. The segregation of duties and
separation of environments is a way to reduce the likelihood of misuse of systems or information. A
separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an
organization.
Incorrect Answers:
A: A job rotation policy defines intervals at which employees must rotate through positions. This is so that
the company does not become too dependent on one person.
C: A mandatory vacation policy requires all users to take time away from work to refresh. If the company
becomes too dependent on one person, they can end up in a real bind if something should happen to
that person.
D: Least Privilege means giving users only the permissions that they need to do their work and no more.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014,pp 24, 25, 26, 153
http://en.wikipedia.org/wiki/Separation_of_duties