Educause Security Discussion mailing list archives

Re: IT Separation of Duties question

From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Thu, 23 Jul 2020 17:39:28 +0000

I suggest requesting an audit and let them tell management that this is a
bad idea.

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jamie Schademan
Sent: Thursday, July 23, 2020 12:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Separation of Duties question

**** EXTERNAL EMAIL ****

Hello,

Because of a turnover in our System Administrator position for PeopleSoft
(patching, upgrade, moves to production), we (security) are being asked to
allow a number of our PeopleSoft developers to have access to do the admin
job function.  I have provided information to leadership about the violation
of Segregation of Duties, the ISACA SoD in IT Matrix, and other arguments
for not doing this.  

For reference we have an application group of approximately 23 people.  My
recommendation has been to provide someone with the opportunity to upgrade
into the PeopleSoft System Admin role, but that has not been well received.
They would just like to just have developers also do system admin work.  

Can I get your input and experiences on this? 

Thank you,

Jamie

Jamie Schademan

CISM, MSIT, MSCS

Chief Information Security Officer

Information Security Services

Central Washington University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_commu
nity&d=DwMFAg&c=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw&r=Lgw4Sh6g47kM5A
_tpEcLZDyPGvmOKdeDlyp60PwA78c&m=x-wNQkLwgdJizeVy8fQ2wdZUJeBE8CF7KXH_sCxLTG8&
s=pdI5s24IXITlN85tMcGWY5NElMt1ErDrxowJl913HMI&e=>  

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_commu
nity&d=DwMFAg&c=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw&r=Lgw4Sh6g47kM5A
_tpEcLZDyPGvmOKdeDlyp60PwA78c&m=x-wNQkLwgdJizeVy8fQ2wdZUJeBE8CF7KXH_sCxLTG8&
s=pdI5s24IXITlN85tMcGWY5NElMt1ErDrxowJl913HMI&e=>  

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: smime.p7s
Description:

Current thread:

IT Separation of Duties question Jamie Schademan (Jul 23)
- Re: IT Separation of Duties question Jones, Mark B (Jul 23)
- Re: IT Separation of Duties question randy (Jul 23)
  - Re: IT Separation of Duties question Jamie Schademan (Jul 23)