An IT Security team member might have normal access permissions like any user. They might be given specific accounts or elevated access / privileges within defined applications and domains.
To perform higher-risk tasks, those requiring special access, Security Specialists may be required to log in with an entirely different account, perhaps with additional authentication from the three-legged stool, and then be required to log out of those special accounts for doing normal tasks that require less visibility and tracking and transparency.
Check out the wealth of CISSP quizzes, PowerPoints, and programs here: Google
NISP is a great resource: National Industrial Security Program
If you're dealing with money via a large institutional environment, PCI Standards are going to be your read: Official Source of PCI DSS Data Security Standards Documents and Payment Card Compliance Guidelines
Perhaps the final authority, until you enter the CIA or Military, is the NSA reference here: Security Configuration Guides - NSA/CSS
You're welcome! If this was helpful, or answered your question, I'd be grateful if you marked it as such with the options in the drop downs.