Managing Information Access in Data-Rich Enterprises with Escalation and Incentives

Xia Zhao and M. Eric Johnson
International Journal of Electronic Commerce,
Volume 15 Number 1, Fall 2010, pp. 79.

Abstract: Managing information access in highly dynamic e business environments is increasingly challenging. In large firms with thousands of employees accessing thousands of applications and data sources, managers must protect information against misuse but ensure that employees can access the information needed for value creation. An escalation scheme with audits to increase flexibility while maintaining security is proposed. By coupling incentives with controls, escalation aligns employees’ self-interest with the firm’s profit objective. A game-theoretic model shows that an incentives-based policy with escalation and audit can control both overentitlement and underentitlement while maintaining flexibility.

Key Words and Phrases
: Access control, audit, e-business, e-commerce, economic analysis, entitlement, escalation policy, information security, information systems.