Author: Klaus Haller
Published in: 1st BPM Workshop on Workflow Security Audit and Certification (WfSAC) at BPM 11 Clermont-Ferrand, France, August 28th to September 2nd, 2011
Data privacy is a major issue for companies today. Risks can come from external attacks or from internal users disclosing sensitive data to the public. In the latter case, restricting user access to data mitigates the risk. Thanks to role-based access models, users see only the data that they need for their work. This paper presents a methodology for assessing how effective such restrictions are. It is based on classifying data, analyzing access paths, and understanding the impact of design principles. Its special contribution is its end-to-end view. It is applicable directly to complex IT landscapes being the norm today.
Read the full paper:
Klaus Haller: Data-Privacy Assessments for Application Landscapes – A Methodology