Access Governance: Flexibility with Escalation and Audit

Author

Zhao, Xia ; Johnson, M. Eric

fYear

2010

fDate

5-8 Jan. 2010

Firstpage

1

Lastpage

13

Abstract

Managing information access in highly dynamic business environments is increasingly challenging. With thousands of employees accessing thousands of applications and data sources, managers strive to ensure the employees can access the information they need to create value while protecting information from misuse. We propose an access governance structure with escalation options, ensuring both flexibility and security of information. Using a game-theoretic approach, we show that properly coupling information access, audit, violation penalties and rewards can enable self-interested employees to access information in a timely manner, seizing business opportunities for the firm while managing security risks. Surprisingly we find that providing employees with more access than strictly required can reduce control costs and improve profits.

Keywords

game theory; security of data; access governance; access information; data sources; game-theoretic approach; information access management; security of information; security risk management; Access control; Conference management; Costs; Data security; Environmental economics; Fuel economy; Hospitals; Information security; Protection; Technological innovation;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences (HICSS), 2010 43rd Hawaii International Conference on

Conference_Location

Honolulu, HI

ISSN

1530-1605

Print_ISBN

978-1-4244-5509-6

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2010.42

Filename

5428548