| Published version download (PDF | 776kB) | License: Creative Commons Attribution 4.0 International |
A Framework for Managing Separation of Duty Policies
Groll, Sebastian; Kern, Sascha; Fuchs, Ludwig and Pernul, Günther (2024)
A Framework for Managing Separation of Duty Policies.
In: ARES 2024: The 19th International Conference on Availability, Reliability and Security, July 30 - August 2, 2024, Vienna, Austria.
Publication date of this full text: 09 Jan 2025 10:07
Conference or workshop contribution
DOI for citing this document: 10.5283/epub.74601
Abstract
Separation of Duty (SoD) is a fundamental principle in information security. Large and highly regulated companies in particular have to manage a huge number of SoD policies. These policies need to be maintained in an ongoing effort in order to remain accurate and compliant with regulatory requirements. In this work we develop a framework for managing SoD policies that pays particular attention to policy comprehensibility. We conducted seven semi-structured interviews with SoD practitioners from large organizations in order to understand the requirements for managing and maintaining SoD policies. Drawing on the obtained insights, we developed a framework which includes the relevant stakeholders and tasks, as well as a policy structure that aims to simplify policy maintenance. We anchor the proposed policy structure in a generic IAM data model to ensure compatibility and flexibility with other IAM models. We then show by way of example how our approach can be enforced within Role-Based Access Control. Finally, we evaluate the proposed framework with a real-world IAM data set provided by a large finance company.
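To make the enforcement step concrete, the following is an added illustration, not the paper's framework or code, of how SoD policies can be checked against an RBAC model of users, roles and permissions. Policies are expressed on permissions rather than on roles, so that a later re-engineering of roles cannot silently bypass them, and the check generalizes the classic pairwise exclusion to an n-of-m cardinality rule (a user may hold at most `max_allowed` permissions from an exclusive set). Three checks are shown: a detective audit over all current assignments, a preventive check before a new role is granted, and a scan for roles that violate a policy on their own. All users, roles, permissions, policy identifiers and the `max_allowed` parameter are constructed for this example.

```python
"""Static SoD checks over a user -> role -> permission model.

Added example; the data model, policy ids and sample assignments are
constructed for illustration and are not taken from the paper.
"""
from dataclasses import dataclass

# Constructed sample IAM data: which permissions each role grants ...
ROLE_PERMS = {
    "ap_clerk":    {"vendor.create", "invoice.enter"},
    "ap_approver": {"invoice.approve"},
    "treasury":    {"payment.release"},
    "auditor":     {"ledger.read"},
    "ap_lead":     {"vendor.create", "invoice.approve"},  # conflicting on its own
}
# ... and which roles each user holds.
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob":   {"ap_clerk", "ap_approver"},  # conflict arises from two roles
    "carol": {"ap_lead"},                  # conflict hidden inside one role
    "dave":  {"treasury", "auditor"},
    "erin":  {"ap_clerk", "treasury"},     # 2 of 3 on a 3-way policy: allowed
}


@dataclass(frozen=True)
class SoDPolicy:
    """A set of mutually exclusive permissions with an allowed cardinality."""
    policy_id: str
    exclusive: frozenset      # permissions that must not be combined
    max_allowed: int = 1      # a user may hold at most this many of them


POLICIES = (
    # Hypothetical policies: nobody both creates vendors and approves invoices;
    # nobody holds all three steps of the payment chain.
    SoDPolicy("SOD-001", frozenset({"vendor.create", "invoice.approve"})),
    SoDPolicy("SOD-002",
              frozenset({"invoice.enter", "invoice.approve", "payment.release"}),
              max_allowed=2),
)


def effective_permissions(roles, role_perms=ROLE_PERMS):
    """Flatten a set of roles into the permissions they grant."""
    perms = set()
    for role in roles:
        perms |= role_perms.get(role, set())
    return perms


def check_permissions(perms, policies=POLICIES):
    """Map policy_id -> sorted offending permissions for every policy whose
    exclusive set intersects `perms` in more than max_allowed members."""
    hits = {}
    for pol in policies:
        held = pol.exclusive & perms
        if len(held) > pol.max_allowed:
            hits[pol.policy_id] = sorted(held)
    return hits


def find_violations(user_roles=USER_ROLES, role_perms=ROLE_PERMS,
                    policies=POLICIES):
    """Detective control: audit all current user-role assignments."""
    result = {}
    for user, roles in user_roles.items():
        hits = check_permissions(effective_permissions(roles, role_perms), policies)
        if hits:
            result[user] = hits
    return result


def would_violate(user, new_role, user_roles=USER_ROLES,
                  role_perms=ROLE_PERMS, policies=POLICIES):
    """Preventive control: policy ids that granting new_role would break."""
    roles = set(user_roles.get(user, set())) | {new_role}
    return sorted(check_permissions(effective_permissions(roles, role_perms),
                                    policies))


def toxic_roles(role_perms=ROLE_PERMS, policies=POLICIES):
    """Roles that violate a policy by themselves, i.e. should never be assigned."""
    return {role: sorted(check_permissions(perms, policies))
            for role, perms in role_perms.items()
            if check_permissions(perms, policies)}


if __name__ == "__main__":
    print("current violations:", find_violations())
    print("grant ap_approver to erin would break:", would_violate("erin", "ap_approver"))
    print("roles conflicting on their own:", toxic_roles())
```

Running the module reports bob and carol as violating SOD-001 (carol through a single conflicting role, which a role-level check that only looks at pairs of assigned roles would miss), shows that adding `ap_approver` to erin would break both policies, and flags `ap_lead` as a role that should never be assigned at all.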
Details
| Field | Value |
|---|---|
| Document type | Conference or workshop contribution (Paper) |
| Book title | Proceedings of the 19th International Conference on Availability, Reliability and Security |
| Page range | pp. 1-10 |
| Date | 2024 |
| Institutions | Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul); Informatik und Data Science > Fachbereich Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Keywords | Separation of Duty, Identity and Access Management, Role-Based Access Control |
| Dewey Decimal Classification | 000 Computer science, information, general works > 004 Computer science |
| Status | Published |
| Peer reviewed | Yes, this version has been peer reviewed |
| Created at the University of Regensburg | Partly |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-746016 |
| Document ID | 74601 |