Options

Need Help - Split Knowledge vs Dual Control

ankurjoshiankurjoshi Member Posts: 6 ■□□□□□□□□□
in SSCP
Hello, can anyone please help me in understanding difference between Dual Control and Split Knowledge. I tries reading different resources but still not clear.
There was an example of dividing a key in two parts. I thought it is split knowledge but it was dual control.
· Share on FacebookShare on Twitter

Comments

  • Options
    shoeyshoey Member Posts: 111 ■■■□□□□□□□
    The easiest way I found to look at this is that Split Knowledge (i.e. separation of duties, and two-person control) tasks can be completed independently of one another. Dual Control requires that the separate tasks be completed simultaneously (e.g. in movies where two people using two separate keys, turn them at the same time to launch a missile).
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    · Share on FacebookShare on Twitter
  • Options
    ankurjoshiankurjoshi Member Posts: 6 ■□□□□□□□□□
    Thanks.. This is helpful.
    There is one more scenario, A cash box is protected with combination lock and key lock. One person is given code to open combination lock and other is given key to open key lock. Both should remain present with their unique code and key.
    Here, to open box you need both together. So this is dual control. This can be understood. But they are claiming that this is also split knowledge.
    Don't know how.... can you please help with this.
    · Share on FacebookShare on Twitter
  • Options
    shoeyshoey Member Posts: 111 ■■■□□□□□□□
    ankurjoshi wrote: »
    Thanks.. This is helpful.
    ...One person is given code to open combination lock and other is given key to open key lock. Both should remain present with their unique code and key...

    Essentially Person 1 inputs the combination, followed by Person 2 using the key to open the lock. These are two separate actions being completed that are independent of one another, and at two (albeit very short) different times. Just because both people are present at the time of opening does not mean it is Dual Control.

    For this to be a Dual Control question it might be something like "Person 1 and Person 2 must use the combination and key at the same time in order to gain access"
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    · Share on FacebookShare on Twitter
  • Options
    ankurjoshiankurjoshi Member Posts: 6 ■□□□□□□□□□
    So if it would have mentioned that both should use key and code at same time, is this situation caters both split knowledge and dual control?
    · Share on FacebookShare on Twitter
  • Options
    shoeyshoey Member Posts: 111 ■■■□□□□□□□
    ankurjoshi wrote: »
    So if it would have mentioned that both should use key and code at same time, is this situation caters both split knowledge and dual control?

    Split Knowledge = Information is split among two people
    Dual Control = Operation is split among two people

    If key and code are required in unison then it is Dual Control
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    · Share on FacebookShare on Twitter
  • Options
    ankurjoshiankurjoshi Member Posts: 6 ■□□□□□□□□□
    In case of cryptography, dividing a key in two parts is dual control. isn't key a information here ?
    · Share on FacebookShare on Twitter
  • Options
    shoeyshoey Member Posts: 111 ■■■□□□□□□□
    ankurjoshi wrote: »
    In case of cryptography, dividing a key in two parts is dual control. isn't key a information here ?

    Yes the key is information but it's being used in an operation (i.e. encryption)
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    · Share on FacebookShare on Twitter
  • Options
    beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    Ideally, split knowledge would require at least two, if not more, people to complete a related task while the other party or person(s) have no direct knowledge as to completing the entire task individually or would be made impossible for an individual to complete.

    Generally speaking you rarely see this outside of military settings though in the civilian world you may see IAM completed by two separate individuals. In fact Lotus Notes/Domino supported this ID creation scenario very early in its history making it very attractive to security sensitive businesses and government organizations alike. Unfortunately, Microsoft won the marketing war on that one.

    See the Wikipedia entry for SCI for another example. https://en.wikipedia.org/wiki/Sensitive_Compartmented_Information

    English is no place for a serious conversation.

    - b/eads
    · Share on FacebookShare on Twitter
Sign In or Register to comment.