
Access rights as a part of information security in enterprises

Golden, William
Conboy, Kieran
Acton, Thomas
Halonen, Raija
Halonen, R., Acton, T., Conboy, K., Golden, W. (December 13, 2008). "Access rights as a part of information security in enterprises". Paper 254. Paper presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2008). Paris, France.
This paper highlights the problem with access rights as a part of information security in enterprises with many information systems and their human users. In many organisations, users often write down their user names and passwords, thus enabling outsiders to enter information systems without proper authorisation. Furthermore, access rights commonly remain active after their possessors have left the organisation or after roles in the organisation have changed. In addition, there are instances in enterprises where access rights are managed with severe deficiencies. In this study we discuss a case where this issue was found to be in a critical state when the organisation planned to extend and specialise its business abroad. The literature revealed several approaches and concepts to consider. In our paper, we describe how we approached the problem from a pragmatic, contextual view. Based on prior research, we explored access rights as perceived in the enterprise with the help of a pre-study in the form of a semi-structured questionnaire. The design-science-based framework described by Hevner et al. (2004) provided us with a solution that satisfied the enterprise in its information security efforts. Instead of describing the artifact, we highlighted the usability of the framework in real life and explained how we applied it in our research project.
Association of Information Systems
Attribution-NonCommercial-NoDerivs 3.0 Ireland