文章基本信息

标题：Reducing the Risk of Insider Misuse by Revising Identity Management and User Account Data
本地全文：下载
作者：Ludwig Fuchs ; Günther Pernul
期刊名称：Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
印刷版ISSN：2093-5374
电子版ISSN：2093-5382
出版年度：2010
卷号：1
期号：1
页码：14-28
出版社：Innovative Information Science & Technology Research Group
摘要：To avoid insider computer misuse, identity and authorization data referring to the legitimate users of the systems must be properly organized and constantly and systematically analyzed and evaluated. In order to support this, a methodology for structured Identity Management has been developed. This methodology includes gathering of identity data spread among different applications, systematic cleansing of user account data in order to detect semantic as well as syntactic errors, grouping of privileges and access rights, and semiautomatic engineering of user roles. Each of the steps involved includes quality criteria and comprehensive tool support. The focus of this paper is on the data cleansing phase leading to feedback where insider misuse may occur due to existing privileges which go beyond the scope of the users' current need-to-know