Bartsch, Steffen (2011):
Exploring Twisted Paths: Analyzing Authorization Processes in Organizations.
In: NSS '11: Proceedings of the 5th International Conference on Network and System Security, IEEE Computer Society, Milan, Italy, DOI: 10.1109/ICNSS.2011.6060003, [Conference or Workshop Item]
Abstract
Problems in organizational authorization result in productivity impacts and in security risks, for example, from over-entitlements and non-compliance. Many of the problems originate from organizational dynamics in combination with problematic authorization procedures for permission changes. To mitigate these problems and to improve the processes or craft supporting tools, a solid understanding of the processes and interactions between stakeholders is required. However, little prior empirical research covers authorization procedures. This paper presents an exploratory study of the procedures in organizational contexts. To enable a systematic analysis, an authorization process model is introduced that focuses on the interrelation of stakeholders and activities. The study discusses process characteristics, including the degree of centralization and the formality of interactions. Beyond this study, the model should serve as a basis for further research and support process designers to identify potentials of improvements.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2011 |
| Creators: | Bartsch, Steffen |
| Title: | Exploring Twisted Paths: Analyzing Authorization Processes in Organizations |
| Language: | English |
| Abstract: | Problems in organizational authorization result in productivity impacts and in security risks, for example, from over-entitlements and non-compliance. Many of the problems originate from organizational dynamics in combination with problematic authorization procedures for permission changes. To mitigate these problems and to improve the processes or craft supporting tools, a solid understanding of the processes and interactions between stakeholders is required. However, little prior empirical research covers authorization procedures. This paper presents an exploratory study of the procedures in organizational contexts. To enable a systematic analysis, an authorization process model is introduced that focuses on the interrelation of stakeholders and activities. The study discusses process characteristics, including the degree of centralization and the formality of interactions. Beyond this study, the model should serve as a basis for further research and support process designers to identify potentials of improvements. |
| Title of Book: | NSS '11: Proceedings of the 5th International Conference on Network and System Security |
| Publisher: | IEEE Computer Society |
| Uncontrolled Keywords: | Secure Data |
| Divisions: | 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Department of Computer Science > SECUSO - Security, Usability and Society LOEWE > LOEWE-Zentren 20 Department of Computer Science LOEWE |
| Event Location: | Milan, Italy |
| Date Deposited: | 28 Jul 2016 18:35 |
| DOI: | 10.1109/ICNSS.2011.6060003 |
| Identification Number: | Bartsch11nss |
| Export: |
Optionen (nur für Redakteure)
 |
View Item |
Drucken
Impressum