User Access it Is Crucial to Study

User Access It is crucial to study the structural behavior within organization so that the effectiveness of the organization can be improved. (Robbins & Judge, 2013) The employer needs to be aware of the duties and tasks within the organization so they can be managed in a proper way. Along with managing tasks and maintaining the work output, special care needs to be given to the security measures within the company. In the competitive world today, organizations are making using of the smallest information they can attain from their rival companies.

Just recently, separation of duty and role based access control (RBAC) were discovered as the new mechanisms to improve the security measures within an organization. Separation of Duties Separation of duties is very important when it comes to keeping control. It appears that separation of duties is difficult and sometimes very difficult to manage. The main task is attained by dividing all the tasks and privileges among different people. (Coleman, 2008) Separation of duty is a security model utilized to formulate multi-person control policies.

The major aim here is that two or more persons are selected for the completion of a certain task. The purpose behind this act is to reduce the incidence of fraud and cheating within the organization. In this way, there are more than one persons involved and the responsibility and authority of the act is spread over more than one person. (Simon & Zurko,1997) It should be noted that the idea of separation of duty must include the principle of user-centered security.

(Simon & Zurko, 1996) Separation of duties also makes sure that critical decision making power does not reside with only one person within the organization. Using roles to segregate data This entire idea of separation of duties and division of roles started off when important government agencies required top notch protection. It appears that many civilian and commercial governed organizations have picked up these policies. Like Department of Defense agencies, commercial firms also wish to protect the confidentiality of their information.

For instance, an organization needs to protect its marketing plans, product announcements, formulas, personnel data, manufacturing and development techniques. Nonetheless, these organizations are very much concerned with their integrity (Clark and Wilson,1987) We see that within these organizations, integrity actually overlaps between confidentiality and security. Integrity becomes very crucial in deciding matters such as fund transfers. Direct access control is a mechanism that allows some users to be exposed to certain information and disallows other users from viewing that information.

This entire method is based on the identity of certain individuals and to the groups they belong to. This means that the controls are not discretionary and the person is prohibited from passing that information to any other person in the system. It should be noted that within many organizations, the users do not actually own the information to which they are allowed access to. In simple terms, these individuals are merely responsible for that information.

Thus it should be noted that the organization actually owns the information (Ferraiolo & Kuhn, 1992) Role-based access control (RBAC) A role based access control (RBAC) policy establishes access control decisions on the duties and functions an individual has within the organization. This means that the users cannot give access permission to other users at their discretion. It should be noted that the RBAC method would simplify the management of permissions. To simplify this, the major aim here is to link permissions with roles.

After doing that, certain users or user groups are made members or certain roles within the organization (S and Hu et al., 1996) A role basically represents a person's ability to carry out a certain task. This can also mean a responsibility or an authority within the organization. A study carried out by NIST (Ferraiolo and Gilbert et al., 1995) states that RBAC goes on to satisfy many needs of the government and commercial sectors.

This study showed that many organizations base their control decisions depending on the roles that the users have in the organization. If one looks at it in simpler terms, it is basically a system of checks and balances so that one person does not become very powerful in the company. It is quite simple that if the person attains unlimited power, he is more likely to carry out unfair practices in the organization.

An example can be taken of an operator role where the person has the access to all the resources. Despite all of that, that person is allowed to access to change permissions. Similarly, a security officer can change permissions but not have access to the resources. In this method, the users would be granted permissions only based on their job requirement. The RBAC method is also efficient because it might not cause as many conflicts in the organization. For instance, it is easy to predefine role-permission relationship.

This makes it simpler to assign new employees to the roles that have been established before. The NIST study also indicated that the permissions assigned to roles change slowly. Administrators and employers can annul or award membership to users in existing roles without changing the role-permission assignments. This makes the entire organization more systematic and reduces chances of error. If employees are aware of their own roles and permissions, they will be less likely to try and attain permissions that are not linked to their duty.

Because these employees know that they will not get other permissions, they will be more focused on their own work rather than looking around what his colleagues are doing. In short, we see that RBAC policy supports the security principles of data abstraction, least privilege and separation of duties. All of these security principles will therefore make the entire organization more secure and efficient in the long run.

Trust management issues Organizational behavior experts have pointed out that an organization member's actions can be altered by a lot of factors within the organization. Values and the attitude the person keeps has been considered very crucial in explaining their activities and attitude in the organization. A person's values would also affect their choices, alternatives, and performance measures in their decision process. (Lin & Chang, 2008; Robbins & Judge, 2013) Trust management can be viewed as maintaining security policies, assigning credential to entities and checking if the credentials complete the policy.

In the paper less business transactions being carried out today, trust management is very important. Organizations need to look over the complexity of access-restricting and access-granting processes. (Blaze et.al, 1999) One method utilizes for this purpose is the access control list. Strict confidentiality should be maintained through the precise access control. For instance, if the company is managing accounts and funds for a different set of clients, different attempts from.