Which of the following are functions that are compatible in a properly segregated environment?

A. Data entry and job scheduling
B. Database administration and systems security
C. Systems analyst and application programming
D. Security administration and systems programming
Explanation:
The two most similar jobs are Data Entry and Job Scheduling, so they need not be
segregated.
Administrative Management: Administrative management is a very important piece of
operational security. One aspect of administrative management is dealing with personnel issues.
This includes separation of duties and job rotation. The objective of separation of duties is to
ensure that one person acting alone cannot compromise the company's security in any way.
High-risk activities should be broken up into different parts and distributed to different individuals.
This way the company does not need to place a dangerously high level of trust in certain individuals,
and if fraud were to take place, collusion would be required, meaning more than one person
would have to be involved in the fraudulent activity.
Separation of duties also helps to prevent many different types of mistakes that can take place if
one person performs a task from beginning to end. For instance, a programmer should
not be the one to test her own code. A different person with a different job and agenda should
perform functionality and integrity testing on the programmer's code, because the programmer may
have a focused view of what the program is supposed to accomplish and may test only certain
functions and input values, and only in certain environments.
Another example of separation of duties is the difference between the functions of a computer
operator and the functions of a system administrator. There must be clear-cut lines drawn
between system administrator duties and computer operator duties. This will vary from
environment to environment and will depend on the level of security required within the
environment. The system administrators are usually responsible for performing backups and
recovery procedures, setting permissions, adding and removing users, setting user clearance, and
developing user profiles. The computer operator, on the other hand, may be allowed to install
software, set an initial password, alter desktop configurations, and modify certain system
parameters. The computer operator should not be able to modify her own security profile, add and
remove users globally, or set user security clearance. This would breach the concept of separation
of duties.
Pg 808-809 Shon Harris: All-In-One CISSP Certification Exam Guide