I normally listen to videos/audios at x1.75 but to this, I listened at x0.75. The information is just too heavy to digest at this speed :) Eric is my favorite CISSP resource. Just adore his work on his book and the lectures he delivers.
People are more dumb than evil! Need to integrate that into my next annual security awareness training. We combine our HR training so can’t wait to work with HR on that slide! :)
Please correct me if I'm wrong, but I believe separation of duties is a high-level concept, of which dual control is one of the possible ways to achieve this.
@mikiejjjjjjjjjjjjjjj in my understanding, dual control is something where two people need to work together to complete a task, segregation of duties is something where the task itself is different for each user, which mitigates risk at a larger scale, not sure if I got it right :)
@vineet0301 you are right. Separation of duties makes sure a process is completed by multiple people (for example, employee A prepares a financial transaction and employee B actually commits it into the system). Dual control requires somebody to "sign off" or help on a request (for example, every transaction above 30k requires management approval, or the classic 2 keys to launch a nuke).
Dual control: you have 2 people to ignite missile launch. Separation of duties: 2 people don't do exactly the same jobs, so they cannot do too much damage and can identify rogue employees.
According to AIO, separation of duties has two variations: split knowledge and dual control. Split knowledge: two managers are required to open a vault, with each knowing half of the combination. Dual control: two managers need to perform an identical key-turn to open the vault.
Just out of curiosity, if I tried to take the exam knowing only what was in this video and a bit of good reasoning and educated guesses, what % score would I get?
The exam is specifically written so it doesn't test your knowledge (it assumes you already have a solid understanding of these terms), instead you need to APPLY the concepts from the perspective of security management advising the executive committee - as a technical individual this was the hardest part to effectively demonstrate (picking the BEST answer even if it's not the correct technical answer).