Exploring information security issues in public sector inter-organizational collaboration

Abstract

Joining up service delivery of multiple organizations often requires public organizations to exchange citizens' information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, which are proven technical solutions. This paper explores data control issues for realizing information security by looking at the application of security patterns in practice. By investigating a case study of inter-organizational collaboration in the Netherlands we explore the use of two security patterns that control access to information: Extended Role-Based Access Control (ERBAC) and Single Access Point/Check Point. We investigated whether those patterns were implemented in the right way and whether they were sufficient for guaranteeing access control. We found issues related to access control to be crucial in realizing information security, which can only be realized by implementing organizational arrangements in addition to technical solutions. Therefore, we recommend development of a framework for information security in interorganizational collaboration including technical and organizational aspects. © 2011 IFIP International Federation for Information Processing.