User Access
It is crucial to study the structural behavior within organization so that the effectiveness of the organization can be improved. (Robbins & Judge, 2013) The employer needs to be aware of the duties and tasks within the organization so they can be managed in a proper way. Along with managing tasks and maintaining the work output, special care needs to be given to the security measures within the company. In the competitive world today, organizations are making using of the smallest information they can attain from their rival companies. Just recently, separation of duty and role based access control (RBAC) were discovered as the new mechanisms to improve the security measures within an organization.
Separation of Duties
Separation of duties is very important when it comes to keeping control. It appears that separation of duties is difficult and sometimes very difficult to manage. The main task is attained by dividing all the tasks and privileges among different people. (Coleman, 2008) Separation of duty is a security model utilized to formulate multi-person control policies. The major aim here is that two or more persons are selected for the completion of a certain task. The purpose behind this act is to reduce the incidence of fraud and cheating within the organization. In this way, there are more than one persons involved and the responsibility and authority of the act is spread over more than one person. (Simon & Zurko,1997) It should be noted that the idea of separation of duty must include the principle of user-centered security. (Simon & Zurko, 1996) Separation of duties also makes sure that critical decision making power does not reside with only one person within the organization.
Using roles to segregate data
This entire idea of separation of duties and division of roles started off when important government agencies required top notch protection. It appears that many civilian and commercial governed organizations have picked up these policies. Like Department of Defense agencies, commercial firms also wish to protect the confidentiality of their information. For instance, an organization needs to protect its marketing plans, product announcements, formulas, personnel data, manufacturing...
Nonetheless, these organizations are very much concerned with their integrity (Clark and Wilson,1987)
We see that within these organizations, integrity actually overlaps between confidentiality and security. Integrity becomes very crucial in deciding matters such as fund transfers. Direct access control is a mechanism that allows some users to be exposed to certain information and disallows other users from viewing that information.
This entire method is based on the identity of certain individuals and to the groups they belong to. This means that the controls are not discretionary and the person is prohibited from passing that information to any other person in the system. It should be noted that within many organizations, the users do not actually own the information to which they are allowed access to. In simple terms, these individuals are merely responsible for that information. Thus it should be noted that the organization actually owns the information (Ferraiolo & Kuhn, 1992)
Role-based access control (RBAC)
A role based access control (RBAC) policy establishes access control decisions on the duties and functions an individual has within the organization. This means that the users cannot give access permission to other users at their discretion. It should be noted that the RBAC method would simplify the management of permissions. To simplify this, the major aim here is to link permissions with roles. After doing that, certain users or user groups are made members or certain roles within the organization (S and Hu et al., 1996) A role basically represents a person's ability to carry out a certain task. This can also mean a responsibility or an authority within the organization.
A study carried out by NIST (Ferraiolo and Gilbert et al., 1995) states that RBAC goes on to satisfy many needs of the government and commercial sectors. This study showed that many organizations base their control decisions depending on the roles that the users have in the organization. If one looks at it in simpler terms, it is basically a system of checks and balances so that one person does not become very powerful in the company. It is quite simple that if the person attains unlimited power, he…
