Educause Security Discussion mailing list archives
IT Separation of Duties question
From: Jamie Schademan <Jamie.Schademan () CWU EDU>
Date: Thu, 23 Jul 2020 17:35:46 +0000
Hello, Because of a turnover in our System Administrator position for PeopleSoft (patching, upgrade, moves to production), we (security) are being asked to allow a number of our PeopleSoft developers to have access to do the admin job function. I have provided information to leadership about the violation of Segregation of Duties, the ISACA SoD in IT Matrix, and other arguments for not doing this. For reference we have an application group of approximately 23 people. My recommendation has been to provide someone with the opportunity to upgrade into the PeopleSoft System Admin role, but that has not been well received. They would just like to just have developers also do system admin work. Can I get your input and experiences on this? Thank you, Jamie Jamie Schademan CISM, MSIT, MSCS Chief Information Security Officer Information Security Services Central Washington University ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- IT Separation of Duties question Jamie Schademan (Jul 23)
- Re: IT Separation of Duties question Jones, Mark B (Jul 23)
- Re: IT Separation of Duties question randy (Jul 23)
- Re: IT Separation of Duties question Jamie Schademan (Jul 23)