Show simple item record

dc.contributor.authorGolden, Williamen
dc.contributor.authorConboy, Kieranen
dc.contributor.authorActon, Thomasen
dc.contributor.authorHalonen, Raijaen
dc.identifier.citationHalonen, R., Acton, T., Conboy, K., Golden, W. (December 13, 2008). "Access rights as a part of information security in enterprises". Paper 254. Paper presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2008). Paris, France.en
dc.description.abstractThis paper highlights the problem with access rights as a part of information security in enterprises with many information systems and their human users. In many organisations, users often write down their user names and passwords, thus enabling outsiders to enter information systems without proper authorisation. Furthermore, access rights commonly remain active after their possessors have left the organisation or after roles in the organisation have changed. In addition, there are instances in enterprises where access rights are managed with severe deficiencies. In this study we discuss a case where this issue was found out to be in a critical state when the organisation planned to extend and specialise its business abroad. Literature exposed several approaches and concepts to be concerned with. In our paper, we introduce how we approached the problem with a pragmatic contextual view. Based on prior research we explored access rights perceived in the enterprise with the help of a pre-study in the mode of a semi-structured questionnaire. The design science based framework described by Hevner et al. (2004) provided us with a solution that satisfied the enterprise in its information security efforts. Instead of describing the artifact, we highlighted the usability of the framework in real life and explained how we applied it in our research project.en
dc.publisherAssociation of Information Systemsen
dc.subjectInformation system securityen
dc.subjectDesign scienceen
dc.subjectAccess rightsen
dc.subject.lcshData protectionen
dc.subject.lcshComputer securityen
dc.subject.lcshInformation security and cryptographyen
dc.titleAccess rights as a part of information security in enterprisesen
dc.typeConference Paperen

Files in this item

Attribution-NonCommercial-NoDerivs 3.0 Ireland
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. Please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.

The following license files are associated with this item:

This item appears in the following Collection(s)

Show simple item record