Title :
Risk management and security in service-based architectures
Author :
Nassar, Pascal Bou ; Badr, Youakim ; Barbar, Kablan ; Biennier, Frédérique
Author_Institution :
INSA-Lyon, Univ. de Lyon, Lyon, France
Abstract :
Improving security and reducing risks in enterprise information systems rely on analysing threats, risks and vulnerabilities to specify appropriate countermeasures. Risk assessments and information security remain a crucial challenge of small enterprise information systems. The problem increases its complexity with medium and large enterprise information systems, and becomes a bottleneck when different partners have to exchange information and collaborate through distributed business processes. In this paper, we distinguish between steady and dynamic environments in which information systems are deployed and monitored. We demonstrate that a global security policy must be adapted at any time to address new changes in dynamic environments cope with new challenges in risk management. We introduce a holistic approach for risk and security management through the definition of service characteristics infrastructure (SCI) including certificate authorities, signed service characteristics, security policies.
Keywords :
Web services; business data processing; information systems; risk management; security of data; certificate authority; distributed business process; enterprise information system; risk management; security; service based architecture; service characteristics infrastructure; signed service characteristic; Communication system security; Costs; Information analysis; Information security; Information systems; Management information systems; Monitoring; Protection; Risk analysis; Risk management;
Conference_Titel :
Advances in Computational Tools for Engineering Applications, 2009. ACTEA '09. International Conference on
Conference_Location :
Zouk Mosbeh
Print_ISBN :
978-1-4244-3833-4
Electronic_ISBN :
978-1-4244-3834-1
DOI :
10.1109/ACTEA.2009.5227927
