Organizations should utilize Information Technology to manage their underlying operation functions and systems. By so doing, it will be easy to attain great information technology that will help prevent overlapping of duties between information technology and information system that can lead to inefficiency and inadequate security. For example, security information function should perfect on the patch and access management. In retrospect to that, security information system should deal with issues that involve web filter, firewall, and web application firewall. Finally, Information Security should focus on enforcing governance such as the development of policy procedures alongside tracking down security risk and vulnerability.
Accordingly, operation segregation between Information Technology and Information Security is a great tool that organizations should use to avoid fraud and conflicts of interests. With segregation of duties, individual deliberate frauds are minimized because there will be no collusion between Information Technology and Information Security. The measure is also alleviating in the sense that it bolsters the convenience for businesses to be categorized into authorization, reconciliation, record keeping, and custody. Importantly, operational segregation between information security and information system is a proven tool that can be used to reduce operational costs at the departmental level within an organization.
Despite its significance, conducting an operational segregation has never been any easier. Hence, it is vital that both information security and information technology departments should consider a number of factors before proceeding with segregation. For instance, the departments should utilize segregation preparation roadmap because it is a proven tool that can be used to provide an overview of the underlying technology transformation process. Phase one should deal with risk assessment. Phase two should address document sharing. Phase three should deal with the defining of boundaries and setting duties. Phase four should attend to revamping policy and finally, phase five should provide the handover plan.