× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2007

RE: Separation of Duties...

From: John Myers

No one likes bureaucracy, but the purpose of separation of duties is
clear ... that it requires a conspiracy of at least two people in
order for fraud to occur. For example, a "trusted" person to change
inventory quantities in a file (ENDJRN, DFU/DBU, STRJRN anyone) & a
person in the warehouse to remove the inventory. How many of your
systems could catch this?

Okay, I'm not going to get involved in a debate, but every system I've ever
implemented since the 1980's could handle this, precisely because the ENDJRN
is posted in the journal. There is never a good reason to end journaling on
a journaled production file, and if you understand the system, ENDJRN raises
an immediate flag and an investigation. If the "trusted" person who ran the
ENDJRN doesn't have a good explanation, they probably should be fired.

Remember: any person with authorization to security-related commands is able
to do serious damage. A truly unscrupulous individual can do just as much
damage with an unauthorized save/restore or use of SST.

This is not meant to be a recommendation against separation of duties.
Instead, i5/OS combined with common sense security practices is safer than
any other common business platform. However, you have to realize that many
of the industry standard security measures don't apply the same way to - and
are often unneeded with - i5/OS, and the fact that IBM doesn't market this
to the world is a travesty.

Joe


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.