Exploring Information Security Issues in Public Sector Inter-organizational Collaboration
Identifieur interne : 000359 ( Main/Exploration ); précédent : 000358; suivant : 000360Exploring Information Security Issues in Public Sector Inter-organizational Collaboration
Auteurs : Anne Fleur Van Veenstra [Pays-Bas] ; Marco Ramilli [Italie]Source :
- Lecture Notes in Computer Science [ 0302-9743 ] ; 2011.
English descriptors
- Teeft :
- Access, Access control, Access point, Administrator entities, Administrator role, Case study, Case workers, Check point, Check point pattern, Check point patterns, Citizens information, Common tasks, Control access, Crossorganizational collaboration, Data access control, Database security, Design pattern, Design patterns, Different organizations, Different roles, Electronic government, Exchange citizens, Executive organizations, Further research, High level blocks, Ieee computer society, Income data, Individual citizens, Information access, Information security, Information security issues, Large executive organizations, Legal arrangements, Limited research, Local level, Marital status, More roles, Multiple organizations, National level, Organizational arrangements, Pattern language, Pattern languages, Personal data, Personal information, Public organizations, Public sector, Ramilli, Rbac, Rbac model, Same information, Security patterns, Security patterns landscape, Security session, Security threats, Service delivery, Similar sets, Simple roles, Single access point, Single access point pattern, Social security, Social security allowance, Social security executive organization, Software engineering, Strict rules, Technical solutions, Unauthorized, Unauthorized access, User, Veenstra.
Abstract
Abstract: Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, which are proven technical solutions. This paper explores data control issues for realizing information security by looking at the application of security patterns in practice. By investigating a case study of inter-organizational collaboration in the Netherlands we explore the use of two security patterns that control access to information: Extended Role-Based Access Control (ERBAC) and Single Access Point/Check Point. We investigated whether those patterns were implemented in the right way and whether they were sufficient for guaranteeing access control. We found issues related to access control to be crucial in realizing information security, which can only be realized by implementing organizational arrangements in addition to technical solutions. Therefore, we recommend development of a framework for information security in interorganizational collaboration including technical and organizational aspects.
Url:
DOI: 10.1007/978-3-642-22878-0_30
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 001151
- to stream Istex, to step Curation: 001067
- to stream Istex, to step Checkpoint: 000220
- to stream Main, to step Merge: 000359
- to stream Main, to step Curation: 000359
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Exploring Information Security Issues in Public Sector Inter-organizational Collaboration</title><author><name sortKey="Van Veenstra, Anne Fleur" sort="Van Veenstra, Anne Fleur" uniqKey="Van Veenstra A" first="Anne Fleur" last="Van Veenstra">Anne Fleur Van Veenstra</name></author><author><name sortKey="Ramilli, Marco" sort="Ramilli, Marco" uniqKey="Ramilli M" first="Marco" last="Ramilli">Marco Ramilli</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:A73ADD540CAD2401F54568A06214306762AEB5E3</idno><date when="2011" year="2011">2011</date><idno type="doi">10.1007/978-3-642-22878-0_30</idno><idno type="url">https://api.istex.fr/document/A73ADD540CAD2401F54568A06214306762AEB5E3/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">001151</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">001151</idno><idno type="wicri:Area/Istex/Curation">001067</idno><idno type="wicri:Area/Istex/Checkpoint">000220</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000220</idno><idno type="wicri:doubleKey">0302-9743:2011:Van Veenstra A:exploring:information:security</idno><idno type="wicri:Area/Main/Merge">000359</idno><idno type="wicri:Area/Main/Curation">000359</idno><idno type="wicri:Area/Main/Exploration">000359</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Exploring Information Security Issues in Public Sector Inter-organizational Collaboration</title><author><name sortKey="Van Veenstra, Anne Fleur" sort="Van Veenstra, Anne Fleur" uniqKey="Van Veenstra A" first="Anne Fleur" last="Van Veenstra">Anne Fleur Van Veenstra</name><affiliation wicri:level="1"><country xml:lang="fr">Pays-Bas</country><wicri:regionArea>Faculty of Technology, Policy and Management, Delft University of Technology, Jaffalaan 5, 2628 BX, Delft</wicri:regionArea><wicri:noRegion>Delft</wicri:noRegion></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Pays-Bas</country></affiliation></author><author><name sortKey="Ramilli, Marco" sort="Ramilli, Marco" uniqKey="Ramilli M" first="Marco" last="Ramilli">Marco Ramilli</name><affiliation wicri:level="1"><country xml:lang="fr">Italie</country><wicri:regionArea>Dipartimento di Elettronica Informatica e Sistemistica, University of Bologna, Via Venezia, 52, 47023, Cesena</wicri:regionArea><wicri:noRegion>Cesena</wicri:noRegion></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Italie</country></affiliation></author></analytic><monogr></monogr><series><title level="s">Lecture Notes in Computer Science</title><imprint><date>2011</date></imprint><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="Teeft" xml:lang="en"><term>Access</term><term>Access control</term><term>Access point</term><term>Administrator entities</term><term>Administrator role</term><term>Case study</term><term>Case workers</term><term>Check point</term><term>Check point pattern</term><term>Check point patterns</term><term>Citizens information</term><term>Common tasks</term><term>Control access</term><term>Crossorganizational collaboration</term><term>Data access control</term><term>Database security</term><term>Design pattern</term><term>Design patterns</term><term>Different organizations</term><term>Different roles</term><term>Electronic government</term><term>Exchange citizens</term><term>Executive organizations</term><term>Further research</term><term>High level blocks</term><term>Ieee computer society</term><term>Income data</term><term>Individual citizens</term><term>Information access</term><term>Information security</term><term>Information security issues</term><term>Large executive organizations</term><term>Legal arrangements</term><term>Limited research</term><term>Local level</term><term>Marital status</term><term>More roles</term><term>Multiple organizations</term><term>National level</term><term>Organizational arrangements</term><term>Pattern language</term><term>Pattern languages</term><term>Personal data</term><term>Personal information</term><term>Public organizations</term><term>Public sector</term><term>Ramilli</term><term>Rbac</term><term>Rbac model</term><term>Same information</term><term>Security patterns</term><term>Security patterns landscape</term><term>Security session</term><term>Security threats</term><term>Service delivery</term><term>Similar sets</term><term>Simple roles</term><term>Single access point</term><term>Single access point pattern</term><term>Social security</term><term>Social security allowance</term><term>Social security executive organization</term><term>Software engineering</term><term>Strict rules</term><term>Technical solutions</term><term>Unauthorized</term><term>Unauthorized access</term><term>User</term><term>Veenstra</term></keywords></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, which are proven technical solutions. This paper explores data control issues for realizing information security by looking at the application of security patterns in practice. By investigating a case study of inter-organizational collaboration in the Netherlands we explore the use of two security patterns that control access to information: Extended Role-Based Access Control (ERBAC) and Single Access Point/Check Point. We investigated whether those patterns were implemented in the right way and whether they were sufficient for guaranteeing access control. We found issues related to access control to be crucial in realizing information security, which can only be realized by implementing organizational arrangements in addition to technical solutions. Therefore, we recommend development of a framework for information security in interorganizational collaboration including technical and organizational aspects.</div></front></TEI><affiliations><list><country><li>Italie</li><li>Pays-Bas</li></country></list><tree><country name="Pays-Bas"><noRegion><name sortKey="Van Veenstra, Anne Fleur" sort="Van Veenstra, Anne Fleur" uniqKey="Van Veenstra A" first="Anne Fleur" last="Van Veenstra">Anne Fleur Van Veenstra</name></noRegion><name sortKey="Van Veenstra, Anne Fleur" sort="Van Veenstra, Anne Fleur" uniqKey="Van Veenstra A" first="Anne Fleur" last="Van Veenstra">Anne Fleur Van Veenstra</name></country><country name="Italie"><noRegion><name sortKey="Ramilli, Marco" sort="Ramilli, Marco" uniqKey="Ramilli M" first="Marco" last="Ramilli">Marco Ramilli</name></noRegion><name sortKey="Ramilli, Marco" sort="Ramilli, Marco" uniqKey="Ramilli M" first="Marco" last="Ramilli">Marco Ramilli</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Sarre/explor/MusicSarreV3/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000359 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000359 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Sarre
|area= MusicSarreV3
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:A73ADD540CAD2401F54568A06214306762AEB5E3
|texte= Exploring Information Security Issues in Public Sector Inter-organizational Collaboration
}}
| This area was generated with Dilib version V0.6.33. |  |