dc.contributor.author | Okoth, Fredrick | |
dc.date.accessioned | 2013-03-12T08:44:47Z | |
dc.date.issued | 2012 | |
dc.identifier.citation | Masters of science in computer science | en |
dc.identifier.uri | http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/13481 | |
dc.description.abstract | Insider threats are alive with us today and so access to the Information systems has become so
critical that organizations have incorporated periodic user access rights audit in their
Information security policy's to be carried out by System auditors. System auditors need to
consistently audit user's access to applications while cross referencing the same with related
user roles and responsibilities as captured in the Job description to ensure compliance.
Appropriate segregation of duties is key in this review as mismatch is reported and investigated
in a timely manner.
This study proposes a multi-agent model where autonomous agents represent the various aspects
of access controls captured in the Job description, active users log and the organizational policy
on system access. These agents communicate to establish scenarios where conflicts exist. The
conflicts are defined as either applications accessed by system users not captured in their Job
descriptions, users accessing the same application as both user and super user and access policy
violations. These conflicts are reported in a risk matrix format as either low, medium or high.
The tropos methodology was adopted to model this multi-agent system.
The study looked at a sampled number of system users from which a total of II system users
reported violations representing 23% of the sample size. The proposed model provides a
platform for auditing what system users' access, their role and responsibilities within the
organization as well as the policy requirements governing system access and usage. | en |
dc.description.sponsorship | University of Nairobi | en |
dc.language.iso | en | en |
dc.publisher | University of Nairobi | en |
dc.subject | multi-agent model | en |
dc.subject | System user | en |
dc.subject | Access rights | en |
dc.subject | Audit | en |
dc.title | A multi-agent model for system user access rights audit | en |
dc.type | Thesis | en |
local.publisher | School of Computing and Informatics | en |