Toggle Main Menu Toggle Search

Open Access padlockePrints

Risk Modelling of Access Control Policies with Human Behavioural Factors

Lookup NU author(s): Dr Simon Parkin, Professor Aad van Moorsel



Organisations can gain competitive advantage by taking risks within their market. An organisation may promote a particular approach to business opportunities within its employees. Increasingly organisations within a “knowledge-based economy” trade in information assets. A simple example may be an employee travelling to a potential client’s premises to present details of their organisation’s work. Here the asset is the work being presented, which has value to the presenting party. A possible benefit is that the presented work influences the potential client to enter into a business partnership. There are also risks in the previous example that may equally result in losses for the presenting party. The details of the presented work may be lost or stolen in transit, or retained by the potential client against the wishes of the presenting party. It may even be that the individual(s) presenting the work have malicious intentions of their own which are then satisfied once they have the organisation’s information assets in their possession. An organisation will seek to permit some activities – and forbid others – as part of its risk approach. Senior management will often have a sense of what should and should not be done with the organisation’s information assets. These commands may then be communicated to the information security manager e.g. the Chief Information Security Officer (CISO), or whoever is responsible for managing the security of the organisation’s information assets. The information security manager (or their staff) must then translate the risk approach into security controls within the organisation’s information security infrastructure.

Publication metadata

Author(s): Parkin S, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2009

Pages: 7

Print publication date: 01/07/2009

Source Publication Date: July 2009

Report Number: 1155

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne