University of Phoenix - Cmgt 430 - Week 2 Individual
Submitted By NJStylee Words 1690 Pages 7
Week 2 Individual Assignment
University of Phoenix – CMGT 430
In order to better serve Riordan Manufacturing’s information security infrastructure, a solid plan must be put in place to ensure that the approach to its implementation is logical, easy to follow, and effective. Many aspects must be considered when formulating an information security policy, including the needs of the company vs. best practice, and a delicate balance must be struck between the two. Therefore, Smith Systems Consulting is dedicated to ensuring that a quality service is delivered that will meet these objectives.

However, before a more comprehensive plan can be put into place, it is important that Smith Systems Consulting understands exactly how the security plan will be managed, and how to enforce it on the most basic level. It is therefore the opinion of our company to begin by defining a simple, yet utterly crucial part of Riordan’s base information security policy: separation of duties via the practice and implementation of role assignments.

Separation of duties, in information technology, is the practice of dividing both IT staff and end users into managed groups, or roles. While users and IT staff, at an administrative level, may fall into several groups (e.g., Accounting Department, Maintenance, Security, etc.), these groups are not enough to enforce proper security policy. A more comprehensive approach is to define what the base access is for all of these groups, hence the use of roles. Roles define what level of system access each user and user group will have, and what permissions each person will have on their personal computer, as well as on servers and databases (for IT staff). Roles help enforce the concept of “Separation of Duties”, which helps to ensure that users and IT staff are only granted the level of system access that is required, and that no administrative