8

I'm studying for CISSP and came across the term "collusion". I understand it means when people work together to steal something, but don't quite get it. For example, if two gunmen rob a bank would that be collusion, or is it implied that two people inside a company work to defraud it, or one person on the inside helps someone on the outside, or what?

I had a practice question that said "true or false, does division of duties prevent collusion?" the answer given was "false, it doesn't always, and by definition collusion is working together". Could someone elaborate on the reasoning? Separation of duties could help, but nothing is 100% guaranteed so it was a bit tricky for a true or false question...

By the way, I'm tagging this as physical, but have no idea of it only pertains to physical assets.

Celeritas
  • 10,039
  • 22
  • 77
  • 144

1 Answers1

9

Collusion is where the bank guard opens the doors after closing, and the safecracker cracks the vault. Both people have a specific job to do that the other cannot, and without that job, the event cannot take place.

That's a different scenario from 2 people walking in with guns.

Separation of duties means that for someone to steal something, it requires collusion. If everyone has the keys to the bank doors and the combination to the vault, then collusion isn't necessary.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • Thanks, does collusion require at least one perpetrator to be employed by the business that's being robbed? For example would two thiefs be committing collusion if one lifts the other in through a window? – Celeritas Feb 17 '16 at 05:07
  • @Celeritas typically, yes – schroeder Feb 17 '16 at 05:46