Steffen Bartsch

Learn More
Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavyweight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user(More)
—Problems in organizational authorization result in productivity impacts and in security risks, for example, from over-entitlements and non-compliance. Many of the problems originate from organizational dynamics in combination with problematic authorization procedures for permission changes. To mitigate these problems and to improve the processes or craft(More)
—Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy(More)
Dieser Beitrag beschreibt ein Konzept zur Verbesserung der Sicherheit von Nutzern im Internet: Angepasst auf die jeweilige IT-Sicherheitsexpertise so-wie seiner Bereitschaft, Risiken einzugehen, werden dem Nutzer in risikoreichen Situationen unterschiedliche Interventionen geboten. Die Entscheidung, ob und welches Risiko existiert, wird auf rechtlicher und(More)
Most organizations have access control policies, and many have to change them frequently to get work done. Currently, the way such changes are made often has a significant impact on the organization's security, productivity, and employee satisfaction. Those who have to make the decisions are put on the spot, and depending on their perspective and(More)
Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not consider the full range of underlying problems, and their impact on organizations. We(More)