John does systems maintenance for his department and is also responsible for performing the operational security audit once a year. What security management principle is John violating?
A. Operational integrity
B. Collusion
C. Separation of duties
D. Nondisclosure
Explanation:
Since John was responsible for doing the work on the system, John should not also be the person to assess the quality of the work. This represents a violation of the principle of separation of duties. No worker should be allowed to check his own work. Collusion refers to the extra effort that a dishonest person would have to take to accomplish a malicious task because separation of duties was in place. Operational integrity is a term generally applied to operational processes and doesn't apply to this case. Nondisclosure is a requirement not to share sensitive information with persons not authorized to receive it.