Access rights as a part of information security in enterprises
MetadataShow full item record
This item's downloads: 872 (view details)
Halonen, R., Acton, T., Conboy, K., Golden, W. (December 13, 2008). "Access rights as a part of information security in enterprises". Paper 254. Paper presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2008). Paris, France.
This paper highlights the problem with access rights as a part of information security in enterprises with many information systems and their human users. In many organisations, users often write down their user names and passwords, thus enabling outsiders to enter information systems without proper authorisation. Furthermore, access rights commonly remain active after their possessors have left the organisation or after roles in the organisation have changed. In addition, there are instances in enterprises where access rights are managed with severe deficiencies. In this study we discuss a case where this issue was found out to be in a critical state when the organisation planned to extend and specialise its business abroad. Literature exposed several approaches and concepts to be concerned with. In our paper, we introduce how we approached the problem with a pragmatic contextual view. Based on prior research we explored access rights perceived in the enterprise with the help of a pre-study in the mode of a semi-structured questionnaire. The design science based framework described by Hevner et al. (2004) provided us with a solution that satisfied the enterprise in its information security efforts. Instead of describing the artifact, we highlighted the usability of the framework in real life and explained how we applied it in our research project.
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. Please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.
The following license files are associated with this item: