Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at https://www.ucl.ac.uk/finance/research/rs-contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
How Users Bypass Access Control - And Why: The Impact Of Authorization Problems On Individuals And The Organization.
  • Publication Type:
  • Authors:
    Bartsch S, Sasse MA
  • Publisher:
    AIS Electronic Library (AISeL)/ Berkeley Electronic Press
  • Publication date:
  • Place of publication:
    Berkeley, US
  • Pagination:
    53, ?
  • Published proceedings:
    21st European Conference on Information Systems, June 5-8, 2013, Utrecht, The Netherlands
  • Editors:
    Brinkkemper S,Helms R
  • ISBN-10:
  • ISBN-13:
  • Status:
  • Name of conference:
    21st European Conference on Information Systems
  • Conference place:
    Utrecht, The Netherlands
  • Conference start date:
  • Conference finish date:
Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not consider the full range of underlying problems, and their impact on organizations. We present a study of 118 individuals’ experiences of authorization measures in a multi-national company, and their self-reported subsequent behavior. Building on recent research that applies economic models to show the impact of lack of usability, we analyze the interrelations of authorization issues with individuals’ behaviors and organizational goals. Our results indicate that authorization problems significantly reduce the productivity and effective security of organizations. We analyzed the authorization problems of different stakeholders, and found they are mostly caused by the procedures for policy changes (e.g. long change lead-times) and the decision-making (e.g. inexperienced decision makers); the consequence is the circumvention of access control (e.g. by sharing passwords). As one research contribution, we develop a holistic model of authorization problems. More practically, we recommend to provide guidance for non-compliance, such as password-sharing, and to establish light-weight procedures for policy changes with adequate degrees of centralization and formalization, and support for decision-making.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by