DOI: 10.1145/2799979.2799996
research-article

Analysis of the impact of ethical issues on the management of the access rights

Published: 08 September 2015

Abstract

Nowadays, information systems (IS) evolve very fast and companies have to manage a huge amount of sensitive and critical information. Information system managers are therefore urged to design their IS accurately and to provide accurate access rights to this information. In that regard, despite the advantages of this strict definition of the IS, we observe that this evolution also tends to reduce and limit employees' personal initiative to act and behave for the well-being of the company, especially when professional ethical reasons are involved. In this context, this paper takes up the challenge of showing information security specialists the importance of addressing ethical issues in the management of access rights, and proposes a model-based technical approach to address this problem.

Cited By

  • Canvas White Paper 1 Cybersecurity and Ethics. SSRN Electronic Journal. DOI: 10.2139/ssrn.3091909

    Published In

    SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks
    September 2015
    350 pages
    ISBN:9781450334532
    DOI:10.1145/2799979

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. RBAC
    2. ReMMo
    3. access rights management
    4. ethics
    5. information system
    6. responsibility metamodel

    Qualifiers

    • Research-article

    Funding Sources

    • European Union

    Conference

    SIN '15

    Acceptance Rates

    SIN '15 Paper Acceptance Rate 34 of 92 submissions, 37%;
    Overall Acceptance Rate 102 of 289 submissions, 35%
