(System User–Rights and Permissions)
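| Department | Jennifer | Buster | Bradley | Lloyd | LuEllen | Robert | Spare | Sam |
|---|---|---|---|---|---|---|---|---|
| Receiving | RO | RO | F | F | RO | F | T/BP | F |
| Shipping | RO | F | F | RO | F | RO | T/BP | F |
| Sales | F | N | F | RO | N | RO | T/BP | F |
| Accounts Payable | F | N | F | F | N | N | T/BP | F |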
What were the incompatible functions in Jennifer’s access account, and why do you think such an incompatibility existed?
In Jennifer’s access account there were two incompatible functions: she was assigned access to both the Receiving and Shipping departments. This would have allowed her to make entries into those systems that may not have been accurate. With Jennifer’s primary job in Sales and her secondary job as an Accounts Payable clerk, her system access needs to be modified in accordance with her duties. With her access corrected to Read Only for the Receiving and Shipping departments, she can still see the activity and provide updates to customers who may inquire about a shipment, and she can still perform her duties in Sales and Accounts Payable. Based on the initial duties matrix, it appears that everyone had been granted access to every department. This incompatibility, which began when the users were entered into the system, is what can lead to incorrect and accidental entries into a specific department’s system.
What were the potential conflicts and incompatible functions in Lloyd’s access account authorizations?
The potential conflicts and incompatible functions in Lloyd’s account came from having access to all departments. As the purchasing agent, Lloyd would need to update Receiving and Accounts Payable as orders dictate. Read Only access to Shipping and Sales allows him to keep ahead as orders are entered into the system.
What are the requirements for Buster and LuEllen?
As Buster and LuEllen are shippers, the only access they should be granted is to the shipping department. Allowing Read Only access to the Receiving department can allow them to keep abreast of inventory fluctuations and be better
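The following is an added example, not part of the original answers: a small least-privilege audit that compares granted rights against the needs stated above for Jennifer, Lloyd, Buster and LuEllen. It assumes the codes rank as N < RO < F, models the initial matrix as Full access everywhere, and treats Receiving/Shipping as the incompatible pair; the function names are hypothetical.

```python
# Added example: audit an access matrix for excess rights and duty conflicts.
RANK = {"N": 0, "RO": 1, "F": 2}  # assumed ordering: none < read only < full
DEPTS = ["Receiving", "Shipping", "Sales", "Accounts Payable"]

def row(receiving, shipping, sales, ap):
    """Build one user's rights in the column order of DEPTS."""
    return dict(zip(DEPTS, (receiving, shipping, sales, ap)))

# Access each user needs, as stated in the answers on this page.
REQUIRED = {
    "Jennifer": row("RO", "RO", "F", "F"),   # Sales, secondary Accounts Payable
    "Lloyd":    row("F", "RO", "RO", "F"),   # purchasing agent
    "Buster":   row("RO", "F", "N", "N"),    # shipper
    "LuEllen":  row("RO", "F", "N", "N"),    # shipper
}

# Constructed "before" state: everyone granted every department (modelled as F).
INITIAL = {user: row("F", "F", "F", "F") for user in REQUIRED}

# Grants for the same four users, copied from the table on this page.
CORRECTED = {
    "Jennifer": row("RO", "RO", "F", "F"),
    "Lloyd":    row("F", "RO", "RO", "F"),
    "Buster":   row("RO", "F", "N", "N"),
    "LuEllen":  row("RO", "F", "N", "N"),
}

# Pair named as incompatible in the answer about Jennifer's account.
INCOMPATIBLE = [("Receiving", "Shipping")]

def excess_rights(granted, required=REQUIRED):
    """Return {user: {dept: (granted, needed)}} where a grant exceeds the need."""
    findings = {}
    for user, needs in required.items():
        have = granted.get(user, {})
        over = {d: (have.get(d, "N"), need) for d, need in needs.items()
                if RANK[have.get(d, "N")] > RANK[need]}
        if over:
            findings[user] = over
    return findings

def sod_conflicts(granted, pairs=INCOMPATIBLE):
    """Return sorted users holding Full access to both sides of a pair."""
    return sorted({user for user, have in granted.items() for a, b in pairs
                   if have.get(a) == "F" and have.get(b) == "F"})

if __name__ == "__main__":
    print("initial excess:", excess_rights(INITIAL))
    print("initial conflicts:", sod_conflicts(INITIAL))
    print("corrected excess:", excess_rights(CORRECTED))
```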