TU Darmstadt / ULB / TUbiblio

Exploring Twisted Paths: Analyzing Authorization Processes in Organizations

Bartsch, Steffen (2011)
Exploring Twisted Paths: Analyzing Authorization Processes in Organizations.
Milan, Italy
doi: 10.1109/ICNSS.2011.6060003
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Problems in organizational authorization result in productivity impacts and in security risks, for example, from over-entitlements and non-compliance. Many of the problems originate from organizational dynamics in combination with problematic authorization procedures for permission changes. To mitigate these problems and to improve the processes or craft supporting tools, a solid understanding of the processes and interactions between stakeholders is required. However, little prior empirical research covers authorization procedures. This paper presents an exploratory study of the procedures in organizational contexts. To enable a systematic analysis, an authorization process model is introduced that focuses on the interrelation of stakeholders and activities. The study discusses process characteristics, including the degree of centralization and the formality of interactions. Beyond this study, the model should serve as a basis for further research and support process designers to identify potentials of improvements.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Autor(en): Bartsch, Steffen
Art des Eintrags: Bibliographie
Titel: Exploring Twisted Paths: Analyzing Authorization Processes in Organizations
Sprache: Englisch
Publikationsjahr: September 2011
Verlag: IEEE Computer Society
Buchtitel: NSS '11: Proceedings of the 5th International Conference on Network and System Security
Veranstaltungsort: Milan, Italy
DOI: 10.1109/ICNSS.2011.6060003
Kurzbeschreibung (Abstract):

Problems in organizational authorization result in productivity impacts and in security risks, for example, from over-entitlements and non-compliance. Many of the problems originate from organizational dynamics in combination with problematic authorization procedures for permission changes. To mitigate these problems and to improve the processes or craft supporting tools, a solid understanding of the processes and interactions between stakeholders is required. However, little prior empirical research covers authorization procedures. This paper presents an exploratory study of the procedures in organizational contexts. To enable a systematic analysis, an authorization process model is introduced that focuses on the interrelation of stakeholders and activities. The study discusses process characteristics, including the degree of centralization and the formality of interactions. Beyond this study, the model should serve as a basis for further research and support process designers to identify potentials of improvements.

Freie Schlagworte: Secure Data
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen