Pascal Bou Nassar, Y. Badr, K. Barbar, F. Biennier
2009 International Conference on Advances in Computational Tools for Engineering Applications. Published 2009-07-15. DOI: 10.1109/ACTEA.2009.5227927 (https://doi.org/10.1109/ACTEA.2009.5227927)
Risk management and security in service-based architectures
Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge for small enterprise information systems. The problem grows in complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments and cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of a Service Characteristics Infrastructure (SCI) including certificate authorities, signed service characteristics, and security policies.