UCL Discovery

How users bypass access control - and why: the impact of authorization problems on individuals and the organization

Bartsch, S; Sasse, MA; (2013) How users bypass access control - and why: the impact of authorization problems on individuals and the organization. In: Brinkkemper, S and Helms, R, (eds.) ECIS 2013 Completed Research. AIS Electronic Library (AISeL)/ Berkeley Electronic Press: Berkeley, US. Green open access

Abstract

Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not consider the full range of underlying problems, and their impact on organizations. We present a study of 118 individuals’ experiences of authorization measures in a multi-national company, and their self-reported subsequent behavior. Building on recent research that applies economic models to show the impact of lack of usability, we analyze the interrelations of authorization issues with individuals’ behaviors and organizational goals. Our results indicate that authorization problems significantly reduce the productivity and effective security of organizations. We analyzed the authorization problems of different stakeholders, and found they are mostly caused by the procedures for policy changes (e.g. long change lead-times) and the decision-making (e.g. inexperienced decision makers); the consequence is the circumvention of access control (e.g. by sharing passwords). As one research contribution, we develop a holistic model of authorization problems. More practically, we recommend providing guidance for non-compliance, such as password-sharing, and establishing light-weight procedures for policy changes with adequate degrees of centralization and formalization, and support for decision-making.

Type: Proceedings paper
Title: How users bypass access control - and why: the impact of authorization problems on individuals and the organization
Event: 21st European Conference on Information Systems, June 5-8, 2013, Utrecht, The Netherlands
ISBN: 9039361126
ISBN-13: 9789039361122
Open access status: An open access version is available from UCL Discovery
Publisher version: http://aisel.aisnet.org/ecis2013_cr/53/
Language: English
Additional information: © The Authors
UCL classification: UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1426546