Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
User Access
It is crucial to study the structural behavior within organization so that the effectiveness of the organization can be improved. (Robbins & Judge, 2013) The employer needs to be aware of the duties and tasks within the organization so they can be managed in a proper way. Along with managing tasks and maintaining the work output, special care needs to be given to the security measures within the company. In the competitive world today, organizations are making using of the smallest information they can attain from their rival companies. Just recently, separation of duty and role based access control (RBAC) were discovered as the new mechanisms to improve the security measures within an organization.
Separation of Duties
Separation of duties is very important when it comes to keeping control. It appears that separation of duties is difficult and sometimes very difficult to manage. The main task is attained by dividing all the tasks and privileges among different people. (Coleman, 2008) Separation of duty is a security model utilized to formulate multi-person control policies. The major aim here is that two or more persons are selected for the completion of a certain task. The purpose behind this act is to reduce the incidence of fraud and cheating within the organization. In this way, there are more than one persons involved and the responsibility and authority of the act is spread over more than one person. (Simon & Zurko,1997) It should be noted that the idea of separation of duty must include the principle of user-centered security. (Simon & Zurko, 1996) Separation of duties also makes sure that critical decision making power does not reside with only one person within the organization.
Using roles to segregate data
This entire idea of separation of duties and division of roles started off when important government agencies required top notch protection. It appears that many civilian and commercial governed organizations have picked up these policies. Like Department of Defense agencies, commercial firms also wish to protect the confidentiality of their information. For instance, an organization needs to protect its marketing plans, product announcements, formulas, personnel data, manufacturing...
Nonetheless, these organizations are very much concerned with their integrity (Clark and Wilson,1987)
We see that within these organizations, integrity actually overlaps between confidentiality and security. Integrity becomes very crucial in deciding matters such as fund transfers. Direct access control is a mechanism that allows some users to be exposed to certain information and disallows other users from viewing that information.
This entire method is based on the identity of certain individuals and to the groups they belong to. This means that the controls are not discretionary and the person is prohibited from passing that information to any other person in the system. It should be noted that within many organizations, the users do not actually own the information to which they are allowed access to. In simple terms, these individuals are merely responsible for that information. Thus it should be noted that the organization actually owns the information (Ferraiolo & Kuhn, 1992)
Role-based access control (RBAC)
A role based access control (RBAC) policy establishes access control decisions on the duties and functions an individual has within the organization. This means that the users cannot give access permission to other users at their discretion. It should be noted that the RBAC method would simplify the management of permissions. To simplify this, the major aim here is to link permissions with roles. After doing that, certain users or user groups are made members or certain roles within the organization (S and Hu et al., 1996) A role basically represents a person's ability to carry out a certain task. This can also mean a responsibility or an authority within the organization.
A study carried out by NIST (Ferraiolo and Gilbert et al., 1995) states that RBAC goes on to satisfy many needs of the government and commercial sectors. This study showed that many organizations base their control decisions depending on the roles that the users have in the organization. If one looks at it in simpler terms, it is basically a system of checks and balances so that one person does not become very powerful in the company. It is quite simple that if the person attains unlimited power, he…
References
Blaze, M., Ioannidis, J., Keromytis, A. And Feigenbaum, J. (1999). The role of trust management in distributed systems security. Computer Science Volume, 1603 pp. 185-210. [Accessed: 14 Sep 2013].
Chang, H. And Lin, G. (2008). Effect of personal values transformation on leadership behaviour. Total Quality Management, 19 (1-2), pp. 67 -- 77.
Clark, D. And Wilson, D. (1987). A comparison of commercial and military computer security policies. 184 p. 194.
Coleman, K. (2008). Separation of Duties and IT Security. [online] Retrieved from: http://www.csoonline.com/article/446017/separation-of-duties-and-it-security [Accessed: 14 Sep 2013].
Zurko, M. And Simon, R. (1996). User-Centered Security. [e-book] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.136.7754&rep=rep1&type=pdf [Accessed: 14 Sep 2013].
A survey questionnaire design is employed to gather data to be used in the lazy user model test, with details on the sample population in which the questionnaire is to be administered. An innovative method to increase response rate is offered, followed by a data analysis plan. Finally, a conclusion and recommendation will complete this research project. 2. Literature Review 2.1 Information Technology and the Internet The Information Age has changed our
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework
Human resources The first person employed by the company was Chris Agarpao and the first president hired was Jeff Skoll, in 1996. Ebay employs individuals with a large variety of skills, from technical to customer service. The number is increasing fast reaching 5 digits in 2005 and having a double digit growth. Considering that it is desirable to work for such a successful company, the personnel inflows are likely to be high and
Searching and Understanding a Case Study Building Information Modeling (BIM) signifies the entire process of creation and usage of the computer produced design to imitate the planning, layout, building as well as functioning of the facility as displayed in Figure 1. The ensuing unit, a Building Information Model, is really a data-powered, object-oriented, smart as well as parametric electronic portrayal involving the premises, from where ideas and information suitable to numerous
The other competitors of the company are Corporate Express, Inc.,IKON Office Solutions, Inc., Wal-Mart Stores, Inc. And United Stationers Inc. 3. Analysis of potential new entrants Threat of new entrants (Source: Datamonitor,2007) The threats of new entrants into new entrants in this industry are noted to be very string. This is because most of the supplies are in the form of commoditized products that never benefit greatly from the brand loyalty. This
Database Distribution Strategy Smart Homes, Inc. required a database distribution strategy for its exciting new home thermostat product. As part of initiatives to develop and establish this database, the firm has created its own Web-based system for registering, evaluation, and controlling a user's thermostat through a mobile computing device. The database design must support a smart thermostat registration system that would support some customer service processes. For instance, when a customer