Separation of duty is one of the most powerful tools an information security professional has. But that is exactly what it is: a tool; not a goal.
My family and I live in a very safe suburban neighborhood. The incorporated village has its own police force, and most of the village's budget is spent on it. Much to my surprise, we have been becoming more and more aware of suspicious activities in a house in our area; cars pull up at the strangest hours and leave again within 5 minutes. Usually someone walks over from the car to the house, a handshake is exchanged and the visiting party leaves. Sounds like there is some trade in "stuff" going on.
As with most people, we are not too happy that this is happening on our doorstep. We have repeatedly called the local police department and even had house visits by detectives who were trying to figure out, from our witness statements, what might be going on. The last house visit ended with the detectives reassuring us to call whenever.
Much to our chagrin, whenever we have been calling we cannot get
past a dispatcher who knows nothing about the case and refuses to
forward our calls to the detectives. Today was a new record; as we
witnessed another exchange, we called the police department.
The response? "Sorry, the detectives do not work on Saturday. Please call back Monday after 9am to file your report."
It gets "funnier". This time, the car that pulled up was model
streetracer; lots of engine revs and loud music. Our next-door
neighboors also called dispatch to complain about the loud noises.
Guess what? Within 5 minutes; three marked police cars show up on the
scene to check out what was going on!
I understand that detectives do investigations; just like in
information technology, it is the information security officer who does
the investigation and the field support techs who do take the general
calls. But please; separation of duty is a tool, not a goal. When the
dispatcher choses to send three squad cars to a noise complaint, but
none to an alleged drug deal, something is wrong in this world.