Modelling the Impact of Administrative Access Controls on Technical Access Control Measures

Abstract

Almost all computing systems and applications in organizations include some form of access control mechanisms. Managing secure access to computing resources is an important but a challenging task, requiring both administrative and technical measures. This study examines the influence of administrative access control measures on technical access control mechanisms. Based on the four access control clauses defined by ISO/IEC27002, this study develops a model to empirically test the impact of access control policies on systems and applications control activities. The study employs Partial Least Square Structural Equation Modelling (PLS-SEM) to analyze data collected from 223 samples through a survey questionnaire. The results show that the greatest significant impact on applications and systems access control measures is through access control policies mediated by users' responsibilities and accountability and user access management activities. But the direct impact of access control policies on applications and systems access control measures is not significant.