Access Management in Organizations : A Comprehensive Study and Scenario-based Analysis

University essay from Linköpings universitet/Institutionen för datavetenskap

Author: Anna Bergström; Emily Berghäll; [2023]

Keywords: access management; access control; access control models; role-based access control; attribute-based access control; ACM; access rights; organization; organization-based; scenario-based; evaluation;

Abstract: Access management is an important part of the security of an organization as it limits access to sensitive material such as code and files. Therefore, access management can be a vital part of preventing leaks of information in regard to company-sensitive information or information about employees or users.  A technique that can be used to handle access management is the use of access control models. This thesis conducts a literature study and scenario-based evaluations of 12 access control models with the aim of creating recommendations and a roadmap for choosing access control models for different organizations. The most common factors of the chosen access control models are adaptability, flexibility, and high security. The 12 chosen access control models were chosen because they were deemed the best fit for organizations in the technology industry. Other models could be chosen depending on the industry or environment, which will yield different results but the roadmap can still be tailored.  The scenario-based organization focuses on five main parameters within the evaluation: attribute definition, economy, control authorities, organization, and security. These are determined by taking the average of the sub-parameters of each main parameter, this is done for each access control model resulting in a total average. The scenarios conducted are of differently-sized organizations namely: small, growing, and large. For each scenario, the main parameters were weighted which resulted in new averages which in turn resulted in recommendations for each scenario.  The results present recommendations for each scenario both in the form of a single access control model that can be used but also in the form of access control model combinations that can help reach more of the priorities parameters for each scenario. Further, the thesis can be viewed as a roadmap for organizations that can be tailored to fit individual needs and priorities by altering the parameter weights. 

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)