Towards an information security framework for service-oriented architecture

2010 Information Security for South Africa Pub Date : 2010-09-30 DOI:10.1109/ISSA.2010.5588272

J. Chetty, M. Coetzee

{"title":"Towards an information security framework for service-oriented architecture","authors":"J. Chetty, M. Coetzee","doi":"10.1109/ISSA.2010.5588272","DOIUrl":null,"url":null,"abstract":"Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"212 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Information Security for South Africa","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSA.2010.5588272","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.

查看原文本刊更多论文

面向服务的体系结构的信息安全框架

面向服务的体系结构支持分布式异构环境，其中业务事务发生在松散连接的服务之间。为这种环境确保安全的基础设施是一项挑战。目前有各种处理信息安全的方法，每种方法都有自己的优点和困难。此外，机构可以采用以供应商为基础的资讯保安架构，以协助他们实施适当的资讯保安控制。不幸的是，面向服务的体系结构还没有采用标准的信息安全框架。分析了面向服务的体系结构所面临的信息安全挑战。提出了面向服务的体系结构环境下的信息安全组件。这些组件是根据面向服务的体系结构设计原则、ISO/IEC 27002:2005标准和其他面向服务的体系结构治理框架共同开发的。信息安全框架可以帮助组织确定面向服务的体系结构的信息安全控制，与当前的ISO/IEC 27002:2005标准保持一致。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 Information Security for South Africa

自引率

0.00%

发文量