User Access It Is Crucial To Study Essay

It is crucial to study the structural behavior within an organization so that the effectiveness of the organization can be improved (Robbins & Judge, 2013). The employer needs to be aware of the duties and tasks within the organization so they can be managed in a proper way. Along with managing tasks and maintaining the work output, special care needs to be given to the security measures within the company. In the competitive world today, organizations are making use of even the smallest piece of information they can obtain from their rival companies. Just recently, separation of duty and role-based access control (RBAC) were identified as new mechanisms to improve the security measures within an organization.

Separation of Duties

Separation of duties is very important when it comes to keeping control. Separation of duties can be difficult, and sometimes very difficult, to manage. It is achieved by dividing all the tasks and privileges among different people (Coleman, 2008). Separation of duty is a security model utilized to formulate multi-person control policies. The major aim here is that two or more persons are required for the completion of a certain task. The purpose is to reduce the incidence of fraud and cheating within the organization. In this way, more than one person is involved, and the responsibility and authority for the act are spread over more than one person (Simon & Zurko, 1997). It should be noted that the idea of separation of duty must include the principle of user-centered security (Simon & Zurko, 1996). Separation of duties also makes sure that critical decision-making power does not reside with only one person within the organization.

Using roles to segregate data

The idea of separation of duties and division of roles started off when important government agencies required top-notch protection. Many civilian and commercially governed organizations have since picked up these policies. Like Department of Defense agencies, commercial firms also wish to protect the confidentiality of their information. For instance, an organization needs to protect its marketing plans, product announcements, formulas, personnel data, manufacturing...

Nonetheless, these organizations are very much concerned with their integrity (Clark and Wilson, 1987). We see that within these organizations, integrity actually overlaps between confidentiality and security. Integrity becomes very crucial in deciding matters such as fund transfers. Direct access control is a mechanism that allows some users to be exposed to certain information and disallows other users from viewing that information.

This entire method is based on the identity of certain individuals and the groups to which they belong. This means that the controls are not discretionary and the person is prohibited from passing that information to any other person in the system. It should be noted that within many organizations, the users do not actually own the information to which they are allowed access. In simple terms, these individuals are merely responsible for that information. Thus it should be noted that the organization actually owns the information (Ferraiolo & Kuhn, 1992).

Role-based access control (RBAC)

A role-based access control (RBAC) policy bases access control decisions on the duties and functions an individual has within the organization. This means that users cannot give access permission to other users at their discretion. It should be noted that the RBAC method simplifies the management of permissions. The major aim is to link permissions with roles. After that, certain users or user groups are made members of certain roles within the organization (Sandhu et al., 1996). A role basically represents a person's ability to carry out a certain task. It can also mean a responsibility or an authority within the organization.
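The sketch below is an added example, not part of the original essay. It shows the two ideas discussed so far working together: permissions are linked to roles and users only gain them through role membership, while separation of duty is enforced both when roles are assigned and when a fund transfer is approved. All role, permission and user names are assumptions made up for the illustration.

```python
# Added illustration: role, permission and user names are constructed.
ROLE_PERMS = {
    "payments_clerk": {"transfer:create"},
    "payments_approver": {"transfer:approve"},
    "auditor": {"transfer:read"},
}
# Static separation of duty: role sets no single user may hold together.
CONFLICTING_ROLES = [{"payments_clerk", "payments_approver"}]


class RBAC:
    def __init__(self):
        self.user_roles = {}  # user -> set of role names

    def assign(self, user, role):
        """Administrative action: add a user to a role, enforcing static SoD."""
        if role not in ROLE_PERMS:
            raise ValueError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        for conflict in CONFLICTING_ROLES:
            if conflict <= proposed:
                raise PermissionError(f"{user}: {sorted(conflict)} conflict")
        self.user_roles[user] = proposed

    def can(self, user, permission):
        # Decisions come only from role membership; users have no way
        # to hand a permission to another user.
        roles = self.user_roles.get(user, set())
        return any(permission in ROLE_PERMS[r] for r in roles)


class Transfer:
    """A fund transfer that takes two different people to complete."""

    def __init__(self, rbac, creator, amount):
        if not rbac.can(creator, "transfer:create"):
            raise PermissionError(f"{creator} may not create transfers")
        self.rbac, self.creator, self.amount = rbac, creator, amount
        self.approved_by = None

    def approve(self, approver):
        if not self.rbac.can(approver, "transfer:approve"):
            raise PermissionError(f"{approver} may not approve transfers")
        # Dynamic separation of duty: checked per transaction, so it still
        # holds if role data was misconfigured to give one user both roles.
        if approver == self.creator:
            raise PermissionError("creator cannot approve their own transfer")
        self.approved_by = approver
        return True
```

The per-transaction check in `approve` is what keeps the two-person rule intact when the role assignments themselves are wrong, which is why it is enforced in addition to the assignment-time constraint.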

A study carried out by NIST (Ferraiolo and Gilbert et al., 1995) states that RBAC satisfies many needs of the government and commercial sectors. This study showed that many organizations base their control decisions on the roles that the users have in the organization. In simpler terms, it is basically a system of checks and balances so that one person does not become very powerful in the company. It is quite simple that if the person attains unlimited power, he…

References

Blaze, M., Ioannidis, J., Keromytis, A. and Feigenbaum, J. (1999). The role of trust management in distributed systems security. Computer Science Volume, 1603 pp. 185-210. [Accessed: 14 Sep 2013].

Chang, H. and Lin, G. (2008). Effect of personal values transformation on leadership behaviour. Total Quality Management, 19 (1-2), pp. 67-77.

Clark, D. and Wilson, D. (1987). A comparison of commercial and military computer security policies. 184 p. 194.

Coleman, K. (2008). Separation of Duties and IT Security. [online] Retrieved from: http://www.csoonline.com/article/446017/separation-of-duties-and-it-security [Accessed: 14 Sep 2013].

Zurko, M. and Simon, R. (1996). User-Centered Security. [e-book] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.136.7754&rep=rep1&type=pdf [Accessed: 14 Sep 2013].