Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Nyame, Gabriel; Qin, Zhiguang

doi:10.3390/info11060334

Cited by 4 publications

(6 citation statements)

References 82 publications

(96 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Structural Equation Modeling (SEM) analysis reveals insightful relationships, notably the significant reduction of insider threats attributed to RBAC effectiveness, supporting hypothesis H1. This finding aligns with the literature emphasizing the strategic importance of access control mechanisms in mitigating such threats [24][28] [58]. The negative impact of implementation challenges on RBAC's effectiveness (H2) underscores the nuanced barriers organizations face, especially the administrative and technical hurdles that can diminish the system's efficacy.…”

Section: Discussionsupporting

confidence: 82%

“…Permissions are access rights or privileges granted to roles, enabling them to perform certain operations. Sessions represent instances of users operating within the system under specific roles, effectively linking users to their roles temporarily [24]. User-role assignments include mappings between users and roles and determining which roles a user can assume in a session.…”

Section: Rbacmentioning

confidence: 99%

“…Although RBAC is widely recognized for its effectiveness in managing access controls, its implementation is challenging, as accurately defining roles and permissions can be complex and time-consuming, particularly in organizations with intricate operational structures [26]. The dynamic nature of modern work environments, characterized by frequent changes in job functions and responsibilities, necessitates continual updates and revisions to role definitions and assignments [24][27]. Mayeke et al [13] assert that emerging trends in RBAC research and application focus on enhancing its adaptability and intelligence.…”

Section: Rbacmentioning

confidence: 99%

“…Role-Based Access Control (RBAC) is considered a strategic framework pivotal in mitigating insider threats, a pressing concern for organizations worldwide [24] [28]. It employs several strategic mechanisms that effectively reduce the risk of insider threats [29].…”

Section: Rbac's Role In Mitigating Insider Threatsmentioning

confidence: 99%

“…Furthermore, defining and managing roles can be difficult, particularly in dynamic environments where job functions and workflows evolve rapidly [24] [52]. The initial phase of accurately mapping organizational roles to specific permissions is critical.…”

Section: Challenges and Limitations Of Rbac In Insider Threat Mitigationmentioning

confidence: 99%

See 4 more Smart Citations

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Marquis

2024

JERR

View full text Add to dashboard Cite

This study investigates the effectiveness of Role-Based Access Control (RBAC) systems in mitigating insider threats to database security within various organizational environments. Insider threats represent a significant challenge for database security, necessitating robust and adaptive security measures. By delineating access based on users' roles within an organization, RBAC emerges as a critical tool against such threats. Employing a quantitative research methodology, this work gathered data through a survey targeting professionals directly involved in the security and management of organizational databases across technology, finance, healthcare, and government industries. The study utilized Confirmatory Factor Analysis (CFA) and Structural Equation Modeling (SEM) to validate the measurement model and analyze the relationships between RBAC effectiveness, implementation challenges, RBAC enhancements, and their collective impact on insider threat reduction. Findings indicate that RBAC effectively reduces unauthorized access and data breaches, significantly mitigating insider threats. However, implementation challenges such as role definition complexity and adapting to dynamic access needs emerge as notable obstacles. Enhancements in RBAC, mainly through integrating technologies like machine learning and dynamic access controls, are identified as critical mediators that enhance RBAC's effectiveness. The study concludes that while RBAC is a vital tool for database security, its success depends on continuous improvement and customization to specific organizational contexts. It recommends developing continuous enhancement programs for RBAC systems, specialized training for administrators, and the customization of RBAC strategies to meet unique organizational and industry needs. These measures are crucial for optimizing RBAC's effectiveness against insider threats.

show abstract

Section: Discussionsupporting

confidence: 82%

Section: Rbacmentioning

confidence: 99%

Section: Rbacmentioning

confidence: 99%

Section: Rbac's Role In Mitigating Insider Threatsmentioning

confidence: 99%

Section: Challenges and Limitations Of Rbac In Insider Threat Mitigationmentioning

confidence: 99%

See 3 more Smart Citations

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Marquis

2024

JERR

View full text Add to dashboard Cite

show abstract

Synergistic Information Security Design Implementation based on Role-Based Access Control, Information Classification, and AES Cryptographic Encryption

Bumalod,

Velasco

2024

ijitgeb

View full text Add to dashboard Cite

Security technology has undergone significant development and research in response to increasing cyber threats. The Intranet Document Management System (IDMS) was created to centralize documents within organizations, ensuring efficiency and streamlining processes. Given the critical nature of document management in organizational workflows, secure and safe management is paramount. This study aims to develop a secure IDMS using Advanced Encryption Standard (AES) encryption, Role-Based Access Control (RBAC), and an Information Classification Model. We also provide a comprehensive overview of the key characteristics and performance metrics of each access control model and cryptographic algorithm, facilitating decision-making for system design and implementation. The system offers high granularity, ease of administration through role assignments with document classification, high flexibility with customized permissions, and scalability with roles and classification. AES is chosen for its high security and fast performance, making it a widely used encryption standard. Keywords: Advanced Encryption Standard (AES), Access Control, Cryptographic Algorithm, Document Management System, Information Classification Received Date: April 2, 2024Revised Date: May 10, 2024Accepted Date: May 14, 2024

show abstract

Users’ Reaction Time for Improvement of Security and Access Control in Web Services

et al. 2021

View full text Add to dashboard Cite

This paper concerns the case of the development of a technology for increasing the efficiency of access control based on the user behavior monitoring built into a software system’s user interface. It is proposed to use the time of user reactions as individual indicators of psychological and psychophysical state. This paper presents the results and interpretation of user reactions collected during a mass web survey of students of the Russian Federation. The total number of users was equal to 22,357. To reveal the patterns in user reactions, both quantitative and qualitative approaches were applied. The analysis of the data demonstrated that the user could be characterized by their psychomotor reactions, collected during the answering of a set of questions. Those reactions reflected the personal skills of the interface interaction, the speed of reading, and the speed of answering. Thus, those observations can be used as a supplement to personal verification in information systems. The collection of the reaction times did not load the data volumes significantly nor transmit confidential information.

show abstract

Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Cited by 4 publications

References 82 publications

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Synergistic Information Security Design Implementation based on Role-Based Access Control, Information Classification, and AES Cryptographic Encryption

Users’ Reaction Time for Improvement of Security and Access Control in Web Services

Contact Info

Product

Resources

About