Upload File

towards a framework for achieving effective segregation of duties u of waterloo symposium 2007...

  • Home
  • Documents
  • Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram
9
Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium – 2007 Discussant: Ram Sriram

Upload: emery-summers

Post on 19-Jan-2018

213 views

Category:

Documents


0 download

Report

DESCRIPTION

Target Audience  Who is the target audience for this manuscript and the application that is described with in it? External Auditors? Internal Auditors? Evaluators of Sarbanes-Oxley?

TRANSCRIPT

Page 1: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Towards a Framework for Achieving Effective Segregation of Duties

U of Waterloo Symposium – 2007

Discussant: Ram Sriram

Page 2: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Motivation for this study

• Proposes a role-based separation of duties framework for improving security over information processing. • The framework is proposed within an accounting/transaction

cycle approach.• Expectation: The model can be used automate the resolution

of segregation of duties and conflicting access and other privileges.• Claim: It is a unified model of separation of duties.

Page 3: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Target Audience

Who is the target audience for this manuscript and the application that is described with in it?

• External Auditors?• Internal Auditors?• Evaluators of Sarbanes-Oxley?

Page 4: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Is the contribution new?

I am skeptical Both the concepts of separation of duties and

implementation within business cycles are not new.

How is this model different or how is it an improvement over well-recognized Clark-Wilson, Biba Integrity or other Access Matrix models.

Page 5: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Questions

Does not Clark-Wilson, Biba and others consider separation of duties in an automated context?

Why or in what sense, business cycles appropriate in automated and database environments?

Does it not conflict with one time data entry principles?

Page 6: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Other Questions

Is not business cycles and authorization, record-keeping and custody more appropriate to manual systems?

Are we going back in time to silo approaches?

How do computer-assisted controls play in this business cycles?

Don’t they mitigate the problems of conflicting duties?

Page 7: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Suggestions for Improvement

Agree: users have wrong rights assignments and also redundant and parallel access rights.

Tell the readers, how a business cycle based model will outcome this problem (in the context of an automated environment)?

Tell us how this model will be an improvement over access control matrices with read, write, execute privileges incorporated in them?

Page 8: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

Methodology

This is a theoretical paper The tables on business cycles and

separation of duties – how are they different and contribute compared to what is already available in accounting information system textbooks?

Page 9: Towards a Framework for Achieving Effective Segregation of Duties U of Waterloo Symposium 2007 Discussant: Ram Sriram

All the best


SriRam Field Trip Report

Sriram,s More Essay

Sriram subramaniam

Ms. Ramya Sriram,

Discussant: Helen Lettlow, DrPH

Sriram Biology 2013

What they don’t tell you: Software Engineering lessons Sriram Srinivasan (“Ram”) [email protected]

Trinkwasser Tharaka Sriram

Sriram E - Brochure

Sriram simplify os_sdevelopment

The Civil Rights Movement Ch. 18. Segregation Divides America De jure segregation- segregation upheld by law De facto segregation- segregation by unwritten

Spine injury - sriram mohanakumar

Sriram Current Affairs

Lra belshaw discussant

Sriram Economics Note

Introduction to Grid & Cluster Computing Sriram Krishnan, Ph.D. sriram@sdsc

Discussant slides final

Sriram - inv_pres_jan10_f865d6

Discussant Remarks

By Sriram Gaddamanugu

Discussant: Roberta De Filippis (EBA)*... · 2019-10-17 · Discussant: Roberta De Filippis (EBA)* * The views expressed are those of the discussant and do not necessarily represent

Chellappan Sriram

Icmi discussant presentation trimmed

Discussant: Lazonick Discussant: Dosi Discussant: Hughes 2012/ISS 2012 Parallel Program(1... · Maggi A dynamic countries-interaction model based on ... A case study of Economic Faculty

Shanta Sriram Techpark Brochure

CM229, Spring 2016 Sriram Sankararaman - UCLAweb.cs.ucla.edu/~sriram/courses/cm229.spring-2016/slides/intro.pdf · CM229, Spring 2016 Sriram Sankararaman. ... Alberts et al. Molecular

Bank Information Sharing and Liquidity Risk · cussant), Xavier Freixas, Chong Huang (discussant), Artashes Karapetyan (discussant), Michal Kowa-lik (discussant), Vasso Ioannidou,

Brian Kuwik (Lead Discussant)

Sriram Project

Sriram Subramanian - Semantic Scholar · Subramanian, Sriram Tangible Interfaces for Volume Navigation / by Sriram Subramanian. - Eindhoven: ... physical desktop,

An Introduction to Web Services Sriram Krishnan, Ph.D. [email protected]

NBER WORKING PAPER SERIES · Krishnamurthy, Hanno Lustig (discussant), Thomas Maurer (discussant), Monika Piazzesi, Robert Ready (discussant), Larry Schmidt (discussant), Martin Schneider,

Sriram Essays & Moral Philo

Sriram Chemistry

Corp FD - Sriram Transport