Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not show the full range of problems, their impact on organizations, and underlying causes. We present a study of 118 individual's experiences of authorization measures in a multi-national company and their self-reported subsequent behavior. We follow the recent advances in applying economic models to security usability and analyze the interrelations of authorization issues with individuals ' behaviors and organizational goals. Our results indicate that authorization pro...
Effective computer security requires looking not just at technology, but also at how it meshes with ...
ABSTRACT This work addresses the problem of reviewing complex access policies in an organizational c...
International audienceConstraints such as separation-of-duty are widely used to specify requirements...
Many organizations struggle with ineffective and/or inefficient access control, but these problems a...
Many organizations struggle with ineffective and/or inefficient access control, but these problems a...
Abstract—Problems in organizational authorization result in productivity impacts and in security ris...
Restrictions and permissions in information systems – Authorization – can cause problems for those i...
Problems in organizational authorization result in productivity impacts and in security risks, for e...
Restrictions and permissions in information systems -- Authorization -- can cause problems for thos...
Most organizations have access control policies, and many have to change them frequently to get work...
This paper highlights the problem with access rights as a part of information security in enterprise...
Restrictions and permissions in information systems -- Authorization -- can cause problems for those...
Abstract: Computer-based access control systems working with financial and privacy issues are concer...
Most organizations have access control policies, and many have to change them frequently to get work...
Authorization protects application resources by allowing only authorized entities to access them. Ex...
Effective computer security requires looking not just at technology, but also at how it meshes with ...
ABSTRACT This work addresses the problem of reviewing complex access policies in an organizational c...
International audienceConstraints such as separation-of-duty are widely used to specify requirements...
Many organizations struggle with ineffective and/or inefficient access control, but these problems a...
Many organizations struggle with ineffective and/or inefficient access control, but these problems a...
Abstract—Problems in organizational authorization result in productivity impacts and in security ris...
Restrictions and permissions in information systems – Authorization – can cause problems for those i...
Problems in organizational authorization result in productivity impacts and in security risks, for e...
Restrictions and permissions in information systems -- Authorization -- can cause problems for thos...
Most organizations have access control policies, and many have to change them frequently to get work...
This paper highlights the problem with access rights as a part of information security in enterprise...
Restrictions and permissions in information systems -- Authorization -- can cause problems for those...
Abstract: Computer-based access control systems working with financial and privacy issues are concer...
Most organizations have access control policies, and many have to change them frequently to get work...
Authorization protects application resources by allowing only authorized entities to access them. Ex...
Effective computer security requires looking not just at technology, but also at how it meshes with ...
ABSTRACT This work addresses the problem of reviewing complex access policies in an organizational c...
International audienceConstraints such as separation-of-duty are widely used to specify requirements...