Title :
A meta-network approach for analysing the information system access vulnerabilities in organizations
Author :
Peiris, W. Hasala ; Armstrong, Hirotatsu
Author_Institution :
Sch. of Inf. Syst., Curtin Univ., Perth, WA, Australia
fDate :
April 29 2013-May 1 2013
Abstract :
Access control is an important aspect of information systems security. The primary concern in access vulnerability research has been the development of secure technologies for subjects to gain access to objects. Very little emphasis is placed on access vulnerabilities that occur due to socio-technical factors. However, a holistic access vulnerability analysis that considers a range of socio-technical factors is required for the implementation of access control principles such as the need-to-know, separation of duties and dual control. This paper describes a research aimed at investigating a meta-network modeling approach to analyze access vulnerabilities that could be mitigated by the application of three access control principles mentioned above. In this research data collected from an organization is instantiated as a meta-network and analyzed using three different metrics. The results suggest that a meta-network model and the chosen metrics are suitable for a holistic analysis of socio-technical information system access vulnerabilities.
Keywords :
authorisation; meta data; organisational aspects; social aspects of automation; access control; access control principles; dual control; information system security; meta-network approach; research data collection; socio-technical factors; socio-technical information system access vulnerabilities; Access control; Analytical models; Information services; Information systems; Measurement; Organizations; access vulnerabilitis; information systems; network analysis;
Conference_Titel :
Network Science Workshop (NSW), 2013 IEEE 2nd
Conference_Location :
West Point, NY
Print_ISBN :
978-1-4799-0436-5
DOI :
10.1109/NSW.2013.6609194
