A best practices-oriented approach for establishing trust chains within Virtual Organisations

Abstract

Within a virtual organisation collaborative environment, the organisations' security domains must be interconnected through Internet and information and communication technologies to allow these organisations to share data and exchange resources and competencies in a secure way. Each organisation must open its information system and thus, security concerns are raised when setting up collaboration. The partner organisations need to establish a chain of trust; they need to know the level of experience and maturity the administrators have regarding security issues. Security practices, security policies, Information Security Management Systems and security standards are the security management mechanisms adopted to offer to partners a way to quantify trust. In this paper, we detail our tool tailored to evaluate the maturity level of the security practices deployed within the organisations' information systems; this tool is based on the information security best practices provided by the ISO/IEC 17799 security standard which we have adapted to virtual organisations. Our tool is a support decision system providing the partner organisations by the means to choose the best solution for building the collaborative network.