Access Management as a Security Critical Factor: A Portuguese Telecommunications Company Case Study

Introduction

Organizations are more dependent than ever on information systems (IS) to enhance business efficiency and effectiveness (Chang & Wang, 2011). This dependency obliges management to seek ways to ensure the security of information and its systems for its processing and storage. On the other hand, the growing complexity of the environment in which the economic activities of organizations are carried out has also led to vulnerabilities concerning the resources and systems used.

Technological innovation and the continued reliance on new information and communication technologies have underscored the importance of information security. Technological innovation stimulates the continual improvement of organizational processes, services, and systems. The systemic and integrated risk approach prevention shall ensure the security of all information, systems, and the organizations. Governance and management should architect a framework (Bahl, & Wali, 2014) that goes far beyond the legal norms, regulations, and procedures application, which may be an appropriate response to the minimization of risks associated with possible breaches of security (Chen & Ramamurthy, 2015).

This continuing need for security is a critical challenge concerning the modus operandi and image of economic organizations in the digital context of the economy and society and expressed in the guarantee of confidentiality to economic transactions and the suitability of the stakeholders involved. The increasing use of new and emerging technologies such as mobile computing, iPads, social media, Web 2.0 networking, cloud computing, and virtual collaborative environments have enabled organizations to exchange and transfer significant amounts of data, information, and intellectual property (Mejias & Balthazard, 2014; Heredero et al., 2013; Kim & Yong, 2012; Mejias & Harvey, 2012) are some examples of development factors that have contributed to the increased complexity of economic and social functioning.

We can consider that the scope of security associated with Information Systems should include the identification and definition of the set of techniques, measures, and procedures that ensure, concerning existing or generated systems and resources, their integrity, timeliness, authenticity, accuracy, and completeness, and reliability or accessibility by authorized users (Heredero et al., 2013 a)). There are six components traditionally indicated in the security field: assets, threats, vulnerabilities, risks, impacts, and guarantee (Heredero et al., 2013 b)).

The vulnerability of Information Systems is based on the accessibility. In the current economic context, managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing leaders today (Hamza, Abubakar & Danlami, 2018). Authentications management is a critical factor in the security of information systems in that it can condition the authenticity and reliability of the information.

Information systems integrate people and computers that, through defined rules and procedures, collect and filter data and produce, process, distribute, and interpret information (Esteves & Anunciação, 2021) (Kroenke et al., 2013). Information is one of the most important resources for organizations. Due to this importance, it is becoming increasingly important to implement an Information Security Management System (ISMS). It should integrate a set of policies, procedures, guidelines, resources, and associated activities, managed collectively, to protect information resources. Thus, an ISMS should correspond to a systemic approach to establish, implement, operate, monitor, review, maintain, and improve the security of an organization's information to achieve business objectives, assessing and accepting risk in the organization (ISO/IEC 27000, 2018).