Conference Paper

Inter-organisational Controls as Value Objects in Network Organisations

VU University Amsterdam, Amsterdamo, North Holland, Netherlands
DOI: 10.1007/11767138_23 Conference: Advanced Information Systems Engineering, 18th International Conference, CAiSE 2006, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings
Source: DBLP

ABSTRACT

Inter-organizational controls are mechanisms used to ensure and monitor that networked enterprises do not commit a fraud and behave as agreed. Many of such controls have, apart from thei r control purpose, an inherent economic value component. This feature requires controls to pop-up into business value models, stating how actors crea te, trade and consume objects of economic value. In this paper, we provid e guidelines that can be used to decide whether organizational controls should be part of a value model or not. We demonstrate these guidelines by a case stud y on the Letter of Credit procedure.

Download full-text

Full-text

Available from: Yao-Hua Tan
  • Source
    • "An important example is the increased information exchange in closely cooperating value chains where information security is a major issue [6]. Current access-control modeling methodologies do not sufficiently consider interorganizational cooperations, which present new challenges for the control of economic value exchange [7] and for security [8][9]. Besides technological issues, many organizational and management challenges need to be resolved to establish a secure information flow where access is limited to authorized employees and partners . "
    [Show abstract] [Hide abstract]
    ABSTRACT: Information flow between organizations has increased tremendously in recent years, for example in information federations of closely cooperating partners in a value chain. With this intensified exchange, information security becomes a major issue. In particular, coordinated access control policies must be derived by multiple organizations in a systematic fashion. However, current access-control modeling methodologies do not sufficiently address interorganizational information flow. In order to close this gap, we provide a methodology for engineering access control policies between multiple organizations, which is motivated and exemplified by a case study on information federation in the industrial service sector. Furthermore, we present a tool-supported approach for semi-automatic generation of interorganizational role-based access control policies derived from graphical business process models.
    Full-text · Conference Paper · Aug 2011

  • No preview · Article ·
  • Source

    Preview · Article ·
Show more