Managing Information Access in Data-Rich Enterprises with Escalation and Incentives

Authors:
Xia Zhao;M. Johnson
Affiliations:
Bryan School of Business and Economics, University of North Carolina at Greensboro;Glassmeyer / McNamee Center for Digital Strategies, Science of Administration Management at the Tuck School of Business, Dartmouth College
Venue:
International Journal of Electronic Commerce
Year:
2010

Citing 16
Cited 0

Conditional monitoring policy under moral hazard

Management Science
“Sticky information” and the locus of problem solving: implications for innovation

Management Science
Business value of information technology: a study of electronic data interchange

MIS Quarterly
Facilitating coordination in customer support teams: a framework and its implications for the design of information technology

Management Science
Paradox lost? Firm-level evidence on the returns to information systems spending

Management Science
Optimistic security: a new access control paradigm

Proceedings of the 1999 workshop on New security paradigms
The Value of Information Sharing in a Two-Level Supply Chain

Management Science
Measuring Information Technology Payoff: A Meta-Analysis of Structural Variables in Firm-Level Empirical Research

Information Systems Research
Market for Software Vulnerabilities? Think Again

Management Science
How to Break Access Control in a Controlled Manner

CBMS '06 Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems
Designing a Family of Development-Intensive Products

Management Science
Embedding Information Security into the Organization

IEEE Security and Privacy
Assimilation and Diffusion of Web Technologies in Supply-Chain Management: An Examination of Key Drivers and Performance Impacts

International Journal of Electronic Commerce
Relative importance, specific investment and ownership in interorganizational systems

Information Technology and Management
Effects of Enterprise Interoperability on Integration Efforts in Supply Chains

International Journal of Electronic Commerce
Towards a mechanism for discretionary overriding of access control (transcript of discussion)

SP'04 Proceedings of the 12th international conference on Security Protocols

Quantified Score

Hi-index	0.00

Visualization

Abstract

Managing information access in highly dynamic e-business environments is increasingly challenging. In large firms with thousands of employees accessing thousands of applications and data sources, managers must protect information against misuse but ensure that employees can access the information needed for value creation. An escalation scheme with audits to increase flexibility while maintaining security is proposed. By coupling incentives with controls, escalation aligns employees' self-interest with the firm's profit objective. A game-theoretic model shows that an incentives-based policy with escalation and audit can control both overentitlement and underentitlement while maintaining flexibility.