Title
Towards a Holistic Information Security Governance Framework for SOA
Abstract
Service Oriented Architecture (SOA) is a design paradigm that enables applications to be built from business processes to support enterprise architecture. This architecture introduces information security challenges that are not comprehensively addressed by current best practices. This paper evaluates whether an Information Security Management System (ISMS), as defined by the international standards ISO/IEC 27001 and 27002, can be used to comprehensively support Information Security governance for SOA. As SOA governance, a separate and distinct governance framework, also addresses information security to a certain extent, managers are faced with the difficult task of deciding whether their SOA is sufficiently protected by the different frameworks. The conclusion is that information security for SOA needs to be addressed more holistically, following an Enterprise Information Security Architecture (EISA) approach where Enterprise Architecture (EA) is concerned with the design of the overall architectural vision of an organization. The framework chosen for this purpose is SABSA, a well-known enterprise security architecture. Using the example of access control to highlight challenges, it becomes clear that Information Security governance for SOA can benefit from an approach such as SABSA.
Year: 2012
DOI: 10.1109/ARES.2012.62
Venue: ARES
Keywords: holistic information security governance, distinct governance framework, information security management system, information security governance, information security, support information security governance, information security challenge, soa governance, enterprise architecture, well-known enterprise security architecture, enterprise information security architecture, authorisation, sabsa, governance, isms, soa, service oriented architecture
Field: Enterprise architecture, Computer science, Computer security, Sherwood Applied Business Security Architecture, Information security, Information security management, Enterprise architecture framework, Enterprise information security architecture, SOA governance, Enterprise architecture management
DocType: Conference
Citations: 1
PageRank: 0.38
References: 0
Authors: 1
Name
Order
Citations
PageRank
Marijke Coetzee13514.10