Conditional monitoring policy under moral hazard
Management Science
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
The Value of Information Sharing in a Two-Level Supply Chain
Management Science
Information Systems Research
Market for Software Vulnerabilities? Think Again
Management Science
How to Break Access Control in a Controlled Manner
CBMS '06 Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems
Designing a Family of Development-Intensive Products
Management Science
Embedding Information Security into the Organization
IEEE Security and Privacy
International Journal of Electronic Commerce
Relative importance, specific investment and ownership in interorganizational systems
Information Technology and Management
Effects of Enterprise Interoperability on Integration Efforts in Supply Chains
International Journal of Electronic Commerce
Towards a mechanism for discretionary overriding of access control (transcript of discussion)
SP'04 Proceedings of the 12th international conference on Security Protocols
Hi-index | 0.00 |
Managing information access in highly dynamic e-business environments is increasingly challenging. In large firms with thousands of employees accessing thousands of applications and data sources, managers must protect information against misuse but ensure that employees can access the information needed for value creation. An escalation scheme with audits to increase flexibility while maintaining security is proposed. By coupling incentives with controls, escalation aligns employees' self-interest with the firm's profit objective. A game-theoretic model shows that an incentives-based policy with escalation and audit can control both overentitlement and underentitlement while maintaining flexibility.