{"title":"面向服务的体系结构的信息安全框架","authors":"J. Chetty, M. Coetzee","doi":"10.1109/ISSA.2010.5588272","DOIUrl":null,"url":null,"abstract":"Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"212 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Towards an information security framework for service-oriented architecture\",\"authors\":\"J. Chetty, M. Coetzee\",\"doi\":\"10.1109/ISSA.2010.5588272\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.\",\"PeriodicalId\":423118,\"journal\":{\"name\":\"2010 Information Security for South Africa\",\"volume\":\"212 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Information Security for South Africa\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISSA.2010.5588272\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Information Security for South Africa","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSA.2010.5588272","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards an information security framework for service-oriented architecture
Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
