Need help with my Computer Science question – I’m studying for my class.
Main question: As the IoT (Internet of Things) grows, and users access corporate data with personal devices, companies are stuck balancing the ethical line between security and privacy. With regard to MDM systems and BYOD policies, answer the following questions:
- Is it OK to read employees’ e-mail as a security measure to ensure that sensitive company information isn’t being disclosed?
- Should you have access to those emails and files on a personal device that is accessing the company data via a 3rd party app (i.e. Outlook Mobile, or iOS default mail program)?
- If you do read employees’ e-mail, should you disclose that policy to them? Before or after the fact?
- Is it OK to read the documents and look at the graphics files that are stored on users’ computers or in their directories on the file server? On their mobile device?
Provide replies to the 2 discussions below, in 150 words each.
Segregation of duties is performed to control services and products within a project initiative to mitigate or prevent workplace errors or instances of fraudulent activities. Specific role-based tasks are broken down between individuals into multiple subcomponents, which then increases the efficiency at which business operations function and reduces complexity of work due to staffing shortages. Segregation of duties is generally limited to critical business elements and aims to decrease the dependency on available resources.
As suggested above, segregation of duties is performed generally on critical business functions to decrease the impact on individual resources. These are performed and controlled by upper layers of management based on the individuals responsible for access controls, users who are granted specific access and record/logging of specific tasks.
performed by same individual.
A lack of segregation of critical business functions can result in errors or fraudulent activities. To counter this, mitigation strategies are enforced to limit the number of activities that can be performed by single individuals and add controls to the tasks performed.
A 2009 e-Crime survey has indicated that within 523 associations, 51% of those faced assault from internal resources, which rose from 39% in the past 3 years. There were detailed analysis reports conducted to ensure that these activities need to be monitored and tracked to reduce the risk of fraudulent activities. Client records were also found to be stolen or misinterpreted based on the Cyber-Ark Global survey conducted in 2011.
Segregation of Duties (SOD) is important to safeguard assets. The main purpose of segregation is to oversee the work and review it to catch errors and to prevent fraud or theft. The main functions of SOD involve taking responsibility for keeping assets, using assets with authorization, keeping track of assets, and reconciliation. SOD decreases the power of one individual within an organization and helps in dividing the tasks among departments (Pomerantz and Rao, 2007).
Management can determine by considering how duties and activities are segregated among the individuals and the number of errors and frauds happening in an organization (Pomerantz and Rao, 2007).
Management with inadequate staff cannot segregate the duties properly. There is a chance that one individual may perform more than his capacity and another may perform less than his capacity, which leads to an increase in risk and wastage of resources. Mitigating risk controls should be implemented to decrease the level of risk.
Find and share an example (news article online) where the separation of duties would have prevented an insider threat from exploiting a system. Describe how you would have prevented this incident.
Anthony Levandowski is a guy who works for Waymo in the autonomous car division. In 2016, he left Waymo and joined Otto motors; shortly after, Uber bought Otto. Levandowski stole the intellectual property from the autonomous car division and downloaded the blueprints and brought them to Otto and sold them to Uber. Finally, Waymo sued Otto and settled the lawsuit by getting a 0.34 percent stake in the business from Otto (Wood, 2018).
This is an example of not segregating the duties properly. The main functions of SOD involve responsibility in keeping assets, using assets with authorization and keeping track of assets. Implementing the above functions properly could have eliminated the fraud.