Bartsch, S; Sasse, MA; (2012) Guiding decisions on authorization policies: A participatory approach to decision support. In: SAC '12 Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1502-1507). Association for Computing Machinery: New York.
Abstract
Most organizations have access control policies, and many have to change them frequently to get work done. Currently, the way such changes are made often has a significant impact on the organization's security, productivity, and employee satisfaction. Those who have to make the decisions are put on the spot, and depending on their perspective and circumstances, the decision is biased towards business or security interests. A decision support system for access control policies could mitigate these problems, but to be effective, such a system needs a significant amount of information about specific security and business risks and benefits, and collecting this information requires significant investment. In this paper, we present a participatory approach to collecting this information, which not only reduces cost, but increases effectiveness because it ensures that specific local knowledge and downstream risks are represented and visible to decision-makers. We evaluated our systematically developed decision-support prototype in formative evaluations with employees and decision-makers from a variety of backgrounds. We found that, among others, decision support is highly dependent on the organizational context and that the collected factors need to be contextualized for the contributing individuals.
Type: | Proceedings paper |
---|---|
Title: | Guiding decisions on authorization policies: A participatory approach to decision support |
Event: | 27th Annual ACM Symposium on Applied Computing |
ISBN: | 978-1-4503-0857-1 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1145/2245276.2232015 |
Publisher version: | http://dx.doi.org/10.1145/2245276.2232015 |
Language: | English |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1389946 |