A multi-agent model for system user access rights audit

Abstract

Insider threats are alive with us today and so access to the Information systems has become so critical that organizations have incorporated periodic user access rights audit in their Information security policy's to be carried out by System auditors. System auditors need to consistently audit user's access to applications while cross referencing the same with related user roles and responsibilities as captured in the Job description to ensure compliance. Appropriate segregation of duties is key in this review as mismatch is reported and investigated in a timely manner. This study proposes a multi-agent model where autonomous agents represent the various aspects of access controls captured in the Job description, active users log and the organizational policy on system access. These agents communicate to establish scenarios where conflicts exist. The conflicts are defined as either applications accessed by system users not captured in their Job descriptions, users accessing the same application as both user and super user and access policy violations. These conflicts are reported in a risk matrix format as either low, medium or high. The tropos methodology was adopted to model this multi-agent system. The study looked at a sampled number of system users from which a total of II system users reported violations representing 23% of the sample size. The proposed model provides a platform for auditing what system users' access, their role and responsibilities within the organization as well as the policy requirements governing system access and usage.