ARAN - Access to Research at NUI Galway

Access rights as a part of information security in enterprises

ARAN - Access to Research at NUI Galway

Show simple item record Golden, William en Conboy, Kieran en Acton, Thomas en Halonen, Raija en 2009-06-29T14:40:04Z en 2009-06-29T14:40:04Z en 2008 en
dc.identifier.citation Halonen, R., Acton, T., Conboy, K., Golden, W. (December 13, 2008). "Access rights as a part of information security in enterprises". Paper 254. Paper presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2008). Paris, France. en
dc.identifier.uri en
dc.description.abstract This paper highlights the problem with access rights as a part of information security in enterprises with many information systems and their human users. In many organisations, users often write down their user names and passwords, thus enabling outsiders to enter information systems without proper authorisation. Furthermore, access rights commonly remain active after their possessors have left the organisation or after roles in the organisation have changed. In addition, there are instances in enterprises where access rights are managed with severe deficiencies. In this study we discuss a case where this issue was found out to be in a critical state when the organisation planned to extend and specialise its business abroad. Literature exposed several approaches and concepts to be concerned with. In our paper, we introduce how we approached the problem with a pragmatic contextual view. Based on prior research we explored access rights perceived in the enterprise with the help of a pre-study in the mode of a semi-structured questionnaire. The design science based framework described by Hevner et al. (2004) provided us with a solution that satisfied the enterprise in its information security efforts. Instead of describing the artifact, we highlighted the usability of the framework in real life and explained how we applied it in our research project. en
dc.format application/pdf en
dc.language.iso en en
dc.publisher Association of Information Systems en
dc.subject Information system security en
dc.subject Design science en
dc.subject Access rights en
dc.subject.lcsh Data protection en
dc.subject.lcsh Computer security en
dc.subject.lcsh Information security and cryptography en
dc.title Access rights as a part of information security in enterprises en
dc.type Conference Paper en

Files in this item

This item appears in the following Collection(s)

Show simple item record