Title: Towards an Approach of Risk Analysis in Access Control
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Jayabalan, Manoj
Conference Name: 2020 13th International Conference on Developments in eSystems Engineering (DeSE)
Date Published: dec
Keywords: Access Control, cloud computing, Human Behavior, Information security, Measurement, Medical services, Metrics, privacy, Privacy Policies, probability, pubcrawl, risk analysis, Scalability, security, Taxonomy
Abstract: Information security provides a set of mechanisms to be implemented in the organisation to protect the disclosure of data to the unauthorised person. Access control is the primary security component that allows the user to authorise the consumption of resources and data based on the predefined permissions. However, the access rules are static in nature, which does not adapt to the dynamic environment, including but not limited to healthcare, cloud computing, IoT, National Security and Intelligence Arena and multi-centric system. There is a need for an additional countermeasure in access decision that can adapt to those working conditions to assess the threats and to ensure privacy and security are maintained. Risk analysis is an act of measuring the threats to the system through various means such as analysing the user behaviour, evaluating the user trust, and security policies. It is a modular component that can be integrated into the existing access control to predict the risk. This study presents the different techniques and approaches applied for risk analysis in access control. Based on the insights gained, this paper formulates the taxonomy of risk analysis and properties that will allow researchers to focus on areas that need to be improved and new features that could be beneficial to stakeholders.
