There should be a clear distinction for job responsibilities; however, I have seen this situation in small shops (REALLY SMALL shops). If you must work within this type of situation, you need to institute mitigating controls to reduce the likelihood of accidental compromise or fraud. Management will need to become active in hiring practices (ensuring background checks), bonding individuals (which should be routine for individuals in all critical areas), and routine report monitoring/auditing. Recertification of users to resources and resources to users needs to be performed at least yearly to ensure proper access controls are in place. Since the system administration group is probably placed within the confines of the computer room, an audit of physical and logical controls also needs to be performed by a third party.