Availability and Accessibility |
Currency |
Reliability and Credibility |
Usability and Interpretability |
Data access control
Characteristic Name: | Data access control |
Definition: | The access to the data should be controlled to ensure it is secure against damage or unauthorised access. |
Dimension: | Availability and Accessibility |
Granularity: | Information object |
Characteristic Type: | Usage |
Implementation Form: | Process-based approach |
Verification Metric:
The number of tasks failed or underperformed due to lack of data access control |
The number of complaints received due to lack of data access control |
Validation Metric:
To what extent required capabilities and skills have been implemented to improve the data usage of a task |
Background
The original definitions given below formed the basis of the consolidated definition of the characteristic.
Definition: | Source: |
---|---|
Is the information protected against loss or unauthorized access? | EPPLER, M. J. 2006. Managing information quality: increasing the value of information in knowledge-intensive products and processes, Springer. |
Data is appropriately protected from damage or abuse (including unauthorized access, use, or distribution). | PRICE, R. J. & SHANKS, G. Empirical refinement of a semiotic information quality framework. System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International Conference on, 2005. IEEE, 216a-216a. |
The extent to which information is protected from harm in the context of a particular activity. | STVILIA, B., GASSER, L., TWIDALE, M. B. & SMITH, L. C. 2007. A framework for information quality assessment. Journal of the American Society for Information Science and Technology, 58, 1720-1733. |
Access to data can be restricted and hence kept secure. | WANG, R. Y. & STRONG, D. M. 1996. Beyond accuracy: What data quality means to data consumers. Journal of management information systems, 5-33. |
Guidelines
The implementation guidelines are the guidelines to follow for this characteristic. The scenarios are examples of their implementation.
Guidelines: | Scenario: |
---|---|
Periodically evaluate the security needs, considering the criticality of the data (value, confidentiality, privacy needs, etc.) and its accessibility requirements, and then update the information security policy consistently. | (1) Employee salary is confidential data and hence needs security against unauthorised access. (2) Master data has a high economic value to the organisation and hence needs security against unauthorised access and change. |
Continuously evaluate the risks and threats, identify the vulnerabilities for data, and update the information security policy. | (1) The frequency of security assessment for data associated with online transactions was increased due to the high volume of online transactions. |
Implement access controls for each critical information item as prescribed by the information security policy. | (1) An employee's salary data can be viewed only by his or her superiors. (2) Master data can be created and updated only by the authorised executives. (3) Login credentials are required for system access. |
Store data in secured locations and take appropriate backups. | (1) Databases are stored in a special server and backups are taken regularly. (2) Documents are saved using a content management system in a file server. |
Restrict the accessibility of information using software-based mechanisms. | (1) Data encryption (2) Firewalls |
Restrict the accessibility of information using hardware-based mechanisms. | (1) Security tokens |