Information Risk in Financial Institutions: Field Study and Research Roadmap

  • Conference paper
Enterprise Applications and Services in the Finance Industry (FinanceCom 2007)

Abstract

Large financial firms with thousands of employees face many challenges ensuring workers have access to the right information, yet controlling access to unneeded data. We examine the problems of role lifecycle management and entitlement review processes in the context of large financial institutions. We describe observations from field study research in both retail and investment banks. We examine technologies to enable role and entitlement management and present a roadmap for future research.

This research was supported through the Institute for Security Technology Studies at Dartmouth College, under awards 60NANB6D6130 from the U.S. Department of Commerce and U.S. Department of Homeland Security under Grant Award Number 2006-CS-001-000001. The statements, findings, conclusions, and recommendations are those of the authors and do not necessarily reflect the views of the National Institute of Standards and Technology (NIST), the U.S. Department of Commerce, or U.S. Department of Homeland Security.



Editor information

Daniel J. Veit Dennis Kundisch Tim Weitzel Christof Weinhardt Fethi A. Rabhi Federico Rajola

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sinclair, S., Smith, S.W., Trudeau, S., Johnson, M.E., Portera, A. (2008). Information Risk in Financial Institutions: Field Study and Research Roadmap. In: Veit, D.J., Kundisch, D., Weitzel, T., Weinhardt, C., Rabhi, F.A., Rajola, F. (eds) Enterprise Applications and Services in the Finance Industry. FinanceCom 2007. Lecture Notes in Business Information Processing, vol 4. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78550-7_11

  • DOI: https://doi.org/10.1007/978-3-540-78550-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78549-1

  • Online ISBN: 978-3-540-78550-7

  • eBook Packages: Computer Science (R0)