
LUP Student Papers

LUND UNIVERSITY LIBRARIES

Rollbaserad åtkomstkontroll inom organisationer - rätt åtkomst till rätt användare vid rätt tillfälle

Basic, Amar LU ; Schuster, Thomas LU and Johnsson, Christoffer LU (2014) SYSK02 20141
Department of Informatics
Abstract
The paper examines the extent to which role-based access control is used within organizations to control and assign access rights to users. Furthermore, this paper investigates whether organizations are aware of security risks that arise when users are assigned too many or incorrect access rights and the steps they take to reduce the problem. The survey was conducted through the collection of qualitative and quantitative empirical data. Qualitative data were collected through interviews, while quantitative data were collected using a questionnaire survey. The empirical data is divided and analyzed in two areas, "användning av rollbaserad åtkomstkontroll" and "åtgärdskontroller och informationssäkerhetsmedvetenhet". The results of the study have shown that the majority of the organizations that participated in the survey do not use role-based access control to promote information security. Rather, role-based access control is used from an administrative perspective. Furthermore, the survey also shows that information security awareness within organizations is not at a desired level and that functionality and business are prioritized over information security.
author
Basic, Amar LU ; Schuster, Thomas LU and Johnsson, Christoffer LU
supervisor
organization
course
SYSK02 20141
year
type
M2 - Bachelor Degree
subject
keywords
least privilege, access control, RBAC, role-based access control, information security, informationssäkerhetsmedvetenhet, informationssäkerhet, rollbaserad åtkomstkontroll
report number
INF14-028
language
Swedish
id
4498836
date added to LUP
2014-06-25 15:43:43
date last changed
2020-01-31 10:47:10
@misc{4498836,
  abstract     = {{The paper examines the extent to which role-based access control is used within organizations to control and assign access rights to users. Furthermore, this paper investigates whether organizations are aware of security risks that arise when users are assigned too many or incorrect access rights and the steps they take to reduce the problem. The survey was conducted through the collection of qualitative and quantitative empirical data. Qualitative data were collected through interviews, while quantitative data were collected using a questionnaire survey. The empirical data is divided and analyzed in two areas, "användning av rollbaserad åtkomstkontroll" and "åtgärdskontroller och informationssäkerhetsmedvetenhet". The results of the study have shown that the majority of the organizations that participated in the survey do not use role-based access control to promote information security. Rather, role-based access control is used from an administrative perspective. Furthermore, the survey also shows that information security awareness within organizations is not at a desired level and that functionality and business are prioritized over information security.}},
  author       = {{Basic, Amar and Schuster, Thomas and Johnsson, Christoffer}},
  language     = {{swe}},
  note         = {{Student Paper}},
  title        = {{Rollbaserad åtkomstkontroll inom organisationer - rätt åtkomst till rätt användare vid rätt tillfälle}},
  year         = {{2014}},
}