How to Manage Large Numbers of Usernames and Passwords Within an Enterprise

“How to Manage Large Numbers of Usernames and Passwords within an Enterprise”

Research Proposal Research Proposal 2

Table of Contents

Chapter 1: Introduction…………………………………………………………….3

Historical Background…………………………………………………...3

Purpose…………………………………………………………………..3

Chapter 2: Context of the Problem…………………………………………………4

Problem Statement…………………………………………………….....4

Chapter 3: Significance and Impact………………………………………………..5

Chapter 4: Research Design Methodology………………………………………....5

Research Questions and Theoretical Solutions…………………………...5-6

Conclusion…………………………………………………………………………….7

References…………………………………………………………………………….8

Research Proposal 3

Chapter 1: Introduction

The introduction of this research will give a brief insight as to

how quick an enterprise organization can go from a small amount of

access credentials (usernames and passwords) for network resources to

large amounts of them due to an organization’s growth. Within this

chapter, it will also cover the historical background (how the problem

first came to light) and the purpose (reason for the research) (Ormancy,

2008).

Historical Background

This chapter will provide the reader with insight into how the

problem first appeared and origins. It will also further describe how

technological advancements have contributed to the problem as an

enterprise grows at an exponential rate. Within this chapter, it will also

cover why usernames and passwords exist and in what ways usernames

and passwords have become time consuming, costly, and an

administrative burden (Bhattacharya, Chhaware, & Pandy, 2013).

Purpose

This chapter describes the objectives of the research to be performed with

regards as to how to minimize large usernames and passwords within enterprises. The

chapter also explains why this research needs to be performed and what is to be gained

from performing such research. In addition, this chapter will briefly touch on how

potential solutions were founded and how knowledge was gained from the research Research Proposal 4

(Burr, 2013).

Chapter 2: Context of the Problem

This chapter will provide a clear description of the environment in

which managing large usernames and passwords is an issue. It will also

identify the organizations and entities to which this problem does not

pertain, along with reasons why the problem is not an issue within their

realm. Lastly, it will describe and define what is meant by “Large

Numbers of Usernames and Passwords” and what is meant by the term

“Enterprise” used in a technological context (Wurzler, 2013).

Problem Statement

This chapter provides the reader with an understanding of the

problem that is the focus of the research being performed. The chapter

presents a formal description in a succinct (one sentence delivery),

followed by a series of descriptions, and examples of the problem. This

chapter will also provide a lead-in to the next two chapters that discuss

the impact and significance of the subject matter, the potential gains as a

direct result of research, and impact on those stakeholders that would

benefit most from a solution to the problem (Andersson, 2013). Research Proposal 5

Chapter 3: Significance and Impact

Within this chapter, significance of practice and impact will

present the reader with a detailed point of view of the problem as

described in the previous chapter. The study is one of practice due to

credentialed access being one that is used on an everyday basis (Schmidt,

2011). The impact is presented in a way that conveys to the reader as to

how to manage such issues with large credentialed access to keep the

issue from hindering the organization as well as the employees (NISO,

2011).

Chapter 4: Research Design Methodology

This chapter presents a list of the methods employed during

research, and whether the research is focused primarily on quantitative or

qualitative methods and why (Gerdes, 2008) and (Hillegersberg &Smits,

2013). A discussion of the difference between qualitative and

quantitative methodologies is presented so that the reader understands the

strengths and weaknesses of both and can then better understand why

both methods were employed for this research (Gerdes, 2008). Each

component of the research design methodology is presented and

discussed in full so that the reader thoroughly understands the reasoning

behind the design chosen for this research.

Research Questions and Theoretical Solutions

As the title implies, this chapter presents the questions that the Research Proposal 6 research will attempt to answer about the problem and the potential solutions for which the research is expected to provide (Stoneburner,

2002). Each question is listed separately within the chapter along with a detailed description that provides the reader with a concrete understanding of the significance of each question, the answer, and the evidence confirming or refuting the research done (Burr, 2013). Research Proposal 7

Conclusion

Since organizations have stopped using manual writing and

started using technology to keep up with things, it required credentialed

access for all network resources to protect employees, clients, and the

organization’s privacy. With this type of upgrade, many issues came

about with the use of different usernames and passwords for each

network. Therefore, this conclusion will summarize the findings, the

evidence, and recommendations as to how to minimize large usernames

and passwords within a large enterprise/or organizational setting

(Ormancy, 2008). Research Proposal 8

References

Andersson, D., (2013). Authentication with passwords and passphrases- Implications on usability and security. Lunds University, Department of Informatics, p. 4-11.

Bhattacharya, A., Chhaware, S.P., & Pandy, S.B. (2013). A survey on distributed network services using sso for secure mechanism. International Journal of Research in

Computer and Communication Technology, Vol 2, Issue 10, October, 2013.

Burr, W. (2013). Electronic authentication guideline, NIST Special

Publication 800-63-2, U.S. Department of Commerce.

Gerdes, J. (2008). Multi-dimensional credentialing using veiled certificates: Protecting the privacy in the face of regulatory reporting requirements. Computers and Security, Vol. 28, p. 248 – 259.

Hillegersberg, J., & Smits, D., (2013). The continuing mismatch between it governance, theory, and practice: Results from a delphi study with cio's.

University of Twente’.

NISO, (2011). ESPReSSO: establishing suggested practices regarding single sign-on.

NISO, Baltimore, MD.

Ormancy, E, (2008). CERN single sign-on solution. Journal of Physics.

IOP Publishing, Conference Series 119, p. 1-2.

Schmidt, (2011). Illiad, cas, shibboleth, and php: the road to single sign-on. University of South Florida Academic Services Faculty and Staff Publications, Tampa Library.

Stoneburner, (2002). Risk management guide for information technology systems. NIST Special Publication, 800-30.

Wurzler, J., (2013). Information risks and risk management. SANS Institute, p. 2-4. Research Proposal 9