Personnel Policies – Job Rotation
If you plan on taking the Security+ exam, you should have a good understanding of the various personnel policies that organizations implement, including a job rotation policy. These policies are used to define and clarify issues such as personnel behavior, expectations, and possible consequences. Personnel learn these policies when they are hired and as changes occur.
This blog is an excerpt of acceptable use topics from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Some of the other policies directly related to personnel are:
Job Rotation Practice Test Question
Here’s a sample job rotation question for the Security+ exam from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.
Q. Two administrators within an organization perform different functions and have different privileges. They are required to swap roles annually. What policy would direct this?
A. Mandatory vacation policy
B. Separation of duties policy
C. Least privilege policy
D. Job rotation policy
Ideally, you should not only know what the correct answer is, but also why it is correct and why the incorrect answers are incorrect.
Job Rotation
Job rotation is a concept that has employees rotate through different jobs to learn the procedures and processes in each. From a security perspective, job rotation helps to prevent or expose dangerous shortcuts or even fraudulent activity. Knowledge is shared with multiple people, and no one person can retain explicit control of any process or data.
For example, your company could have an accounting department. As mentioned in the separation of duties section, you would separate accounting into two divisions: Accounts Receivable and Accounts Payable. Additionally, you could rotate personnel in and out of jobs in the two divisions. This would ensure more oversight over past transactions and help ensure that employees are following rules and policies.
In contrast, if a single person always performs the same function without any expectation of oversight, the temptation to go outside the bounds of established policy increases.
Job rotation policies work well together with separation of duties policies. A separation of duties policy helps prevent a single person from controlling too much. However, if an organization only uses a separation of duties policy, it is possible for two people to join together in a scheme to defraud the company. If a job rotation policy is also used, these two people will not be able to continue the fraudulent activity indefinitely.
Job rotation policies also apply to IT personnel. For example, the policy can require administrators to swap roles on a regular basis, such as annually or quarterly. This prevents any single administrator from having too much control over a network.
Job Rotation Practice Test Question
Q. Two administrators within an organization perform different functions and have different privileges. They are required to swap roles annually. What policy would direct this?
A. Mandatory vacation policy
B. Separation of duties policy
C. Least privilege policy
D. Job rotation policy
Answer. D is correct. Job rotation policies require employees to change roles on a regular basis. Mandatory vacation policies require employees to take time away from their job and help detect malicious activities. A separation of duties policy separates individual tasks of an overall function between different people. Least privilege ensures that users are granted only the rights and permissions needed to perform assigned tasks but doesn’t require swapping roles.
Personnel Policy Comparisons
- Job rotation policies require employees to change roles on a regular basis. These policies help to prevent employees from continuing with fraudulent activities.
- An acceptable use policy defines proper system usage for users. Users are often required to read and sign an acceptable use policy when hired, and in conjunction with refresher training.
- Mandatory vacation policies require employees to take time away from their job. These policies help to reduce fraud and discover malicious activities by employees.
- Separation of duties policies separate individual tasks of an overall function between different entities or different people.
Security+ Study Resources
Study Guide
Pass the Security+ exam the first time you take it with the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
You’ll be ready to take and pass the exam the first time you take it.
Practice Test Questions
Check your readiness for the Security+ exam with the CompTIA Security+ SY0-401 Practice Test Questions (Get Certified Get Ahead) book. Available in both paperback and Kindle format.
You can download free Kindle applications for just about any device from here.
The book is organized in six chapters matched to the six Security+ domains. Each chapter in the Kindle edition includes three sections:
Additionally, the acronym list at the end of the book provides relevant details on many of the acronyms referenced in the Security+ exam.
Mobile Apps
Practice test questions for your mobile devices. Learnzapp has apps for a wide assortment of mobile devices including Apple, Android, Amazon, Nook, and Blackberry.
Audio
Learn by Listening
Supplement your studies with Security+ audio files read directly from the CompTIA Security+ Get Certified Get Ahead SY0-401 book. A total of over 4 hours and 40 minutes are now available. Supplement your studies with Security+ audio files you can listen to while on the go. Listen to key topics from all the chapters of the top selling CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, or focus on just the topics you want to brush up on.