DocumentCode
1725892
Title
Towards a Holistic Information Security Governance Framework for SOA
Author
Coetzee, Marijke
Author_Institution
Acad. of Comput. Sci. & Software Eng., Univ. of Johannesburg, Johannesburg, South Africa
fYear
2012
Firstpage
155
Lastpage
160
Abstract
Service Oriented Architecture (SOA) is a design paradigm that enables applications to be built from business processes to support enterprise architecture. This architecture introduces information security challenges that are not comprehensively addressed by current best practices. This paper evaluates whether an Information Security Management System (ISMS), as defined by the international standards ISO/IEC 27001 and 27002, can be used to comprehensively support information security governance for SOA. As SOA governance, a separate and distinct governance framework, also addresses information security to a certain extent, managers are faced with the difficult task of deciding whether their SOA is sufficiently protected by the different frameworks. The conclusion is that information security for SOA needs to be addressed more holistically, following an Enterprise Information Security Architecture (EISA) approach, where Enterprise Architecture (EA) is concerned with the design of the overall architectural vision of an organization. The framework chosen for this purpose is SABSA, a well-known enterprise security architecture. Using the example of access control to highlight challenges, it becomes clear that information security governance for SOA can benefit from an approach such as SABSA.
Keywords
IEC standards; authorisation; corporate modelling; service-oriented architecture; EISA; ISMS; SABSA; SOA; access control; enterprise information security architecture; holistic information security governance framework; information security challenge; information security management system; international standard ISO/IEC 27001; international standard ISO/IEC 27002; overall architectural vision; service oriented architecture; Access control; ISO standards; Information security; Organizations; Service oriented architecture; 27001; 27002; ISMS; SABSA; SOA; governance;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location
Prague
Print_ISBN
978-1-4673-2244-7
Type
conf
DOI
10.1109/ARES.2012.62
Filename
6329176