How Users Bypass Access Control – and Why: the impact of authorization problems on individuals and the organisation

Steffen Bartsch and M. Angela Sasse Abstract Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not consider the full range of underlying problems, and Read more…