Abstract
Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, which are proven technical solutions. This paper explores data control issues for realizing information security by looking at the application of security patterns in practice. By investigating a case study of inter-organizational collaboration in the Netherlands, we explore the use of two security patterns that control access to information: Extended Role-Based Access Control (ERBAC) and Single Access Point/Check Point. We investigated whether those patterns were implemented in the right way and whether they were sufficient for guaranteeing access control. We found issues related to access control to be crucial in realizing information security, which can only be realized by implementing organizational arrangements in addition to technical solutions. Therefore, we recommend development of a framework for information security in inter-organizational collaboration including technical and organizational aspects.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
van Veenstra, A.F., Ramilli, M. (2011). Exploring Information Security Issues in Public Sector Inter-organizational Collaboration. In: Janssen, M., Scholl, H.J., Wimmer, M.A., Tan, Yh. (eds) Electronic Government. EGOV 2011. Lecture Notes in Computer Science, vol 6846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22878-0_30
DOI: https://doi.org/10.1007/978-3-642-22878-0_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22877-3
Online ISBN: 978-3-642-22878-0
eBook Packages: Computer Science (R0)