Inter-Organizational Study of Access Control Security Measures

Abstract

This study assesses the level of implementation and management of access control security measures among organizations. A survey was conducted and 233 responses were received from 56 organizations drawn from 5 major industry sectors of Ghana. This study focuses on the four access control clauses, namely access control policy, user access management, user responsibility and accountability, and system and application access control, which were adopted from ISO/IEC27002 international information systems security management standard. Overall, the results show that the organizations' level of implementation and management of access control measures were approximately 66.6% (Level 3 - well defined), indicating that access control measures were documented, approved, and implemented organization-wide. Moreover, the results show significant differences in the implementation and management of access control measures among the organizations. For all the access control measures, the financial and health care institutions outperform educational institutions and government public services.