An integral part of Break-Glass is the need to separate legitimate from illegitimate accesses, i.e., to analyze Break-Glass accesses in the post-access phase. Only if users know that misuse of Break-Glass will be punished will they use Break-Glass the way it is intended: as an exception mechanism for exceptional situations. However, making a post-access decision is a non-trivial task, as a lot of information is required to make a well-founded decision. Furthermore, it requires a human, whom we will refer to as an auditor, to make the decision. As manual work is expensive, auditors should be supported in their work by the system, which increases efficiency, reduces the need for investigations, and thereby reduces the costs of the Break-Glass system.
Keywords: Policy Language; Abstract Evaluation; Corporate Policy; Policy Decision Point; Policy Enforcement Point