Segregation of responsibilities

Answer: When there is a single person responsible for both, networks and applications, there is an increased risk that a malicious or unintentional misconfiguration leaves information exposed to unauthorized people.

For example, application servers sharing the same network with workstations makes infrastructure administration easier, but increases the risks of unauthorized access. Another example is an administrator that opens a service port in a server, and by configuring a network path, uses it for remotely access a server, when organizational policy prohibits that.

By segregating network and applications responsibilities it is more difficult for a single person to make such a mistake or intentional violation of access rights.

These articles will provide you further explanation about job segregation:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera .com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
- Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/

These materials will also help you regarding job segregation:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/