Information Security Risk Management in a World of Services

V. Lalanne, M. Munier, A. Gabillon
Published in: 2013 International Conference on Social Computing, 2013-09-08. DOI: 10.1109/SocialCom.2013.88 (https://doi.org/10.1109/SocialCom.2013.88)
Citations: 18

Abstract

Service Oriented Architectures (SOA) offer new opportunities for the interconnection of systems. However, for a company, opening its Information System to the "world" is not insignificant in terms of security. Whether it uses available services or provides its own, new technologies have introduced new vulnerabilities and therefore new risks. Our work aims to propose an approach for risk management which is based on the ISO/IEC 27005:2011 standard: we propose a development of this standard (by an extension of Annex D) so that it can fully take into account the type "service", such as web services and cloud services. Indeed, a world of services is not limited to linking interconnected systems; it is more a relationship between customer and supplier, where notions of trust, accountability, traceability and governance are developed. Following this study we introduce a new security criterion, controllability, to ensure that a company keeps control of its information even if it uses such outsourced services.