Evaluating Information Security Controls Applied by Service-Oriented Architecture Governance Frameworks

Authors

  • Jacqui Chetty
  • Marijke Coetzee
Abstract

Ensuring a secure Service-Oriented Architecture implementation within an organisation is challenging. Without sound information security principles supporting a Service-Oriented Architecture implementation, the rate of success is low. The information security principles of identification, authentication, authorization, confidentiality, integrity, availability and accountability remain the same for Service-Oriented Architectures. However, the Service-Oriented Architecture environment consists of agile implementations, which are designed around principles that demand a different approach that can be to the detriment of information security. Unless all information security issues related specifically to Service-Oriented Architecture are taken into consideration, an organisation faces unnecessary risks. An organisation faced with these added challenges may choose to avoid confronting this architectural approach altogether. Regrettably, an organisation could also miss out on the advantages and potential value that a Service-Oriented Architecture has to offer. In order to identify information security shortcomings regarding Service-Oriented Architecture governance frameworks, this paper evaluates two existing Service-Oriented Architecture governance frameworks against ISO/IEC 17799 (2005) controls. The paper presents an analysis and evaluation regarding the state of governance of information security for Service-Oriented Architectures, to assist managers on how this complex issue should be approached.


Similar resources

Development of a framework to evaluate service-oriented architecture governance using COBIT approach

Nowadays organizations require an effective governance framework for their service-oriented architecture (SOA) in order to enable them to use a framework to evaluate their current state governance and determine the governance requirements, and then to offer a suitable model for their governance. Various frameworks have been developed to evaluate the SOA governance. In this paper, a brief introd...


Security Controls Applied to Web Service Architectures

Security certification assesses the security posture of a software system to verify its compliance with diverse, pre-specified security controls identified by guidelines from NIST and the US Department of Defense. Service-oriented architectures (SOA) are difficult to certify because they require compliance verification over a mix of local, global, and interaction criteria dictated by the polici...


Validation of a Generic Service Governance Meta Model based on the Comparison of Major Governance Frameworks

The effective governance of organizational capabilities in the areas of Service Management and Service-oriented Architectures (SOA) has been broadly recognized as an essential success factor for service-oriented enterprises. Organizations that target the adoption of an adequate Service Governance approach face the difficulty of selecting from a variety of related frameworks with differing scope...


An Optimized Dynamic Process Model of IS Security Governance Implementation

The year 2011 witnessed many high-profile data breaches despite the availability of IS security and governance controls, frameworks, standards and models for organisations to choose from, and despite the technical advances made in intrusion prevention and detection. Taking this issue into account, the objective of this paper is to identify and analyse the weaknesses in the IS security defences ...


From Implementing Service-Oriented Architecture to Organizational Agility with a System Dynamics Modeling Approach

SOA is a type of architecture that uses services to simplify integration activities and make components reusable. To survive in a dynamic environment, companies need to strengthen their organizations through information systems, and service-oriented architecture is a way to integrate information systems, use them effectively and achieve organizational agility. In this pap...



Publication date: 2009