Information Security Risk Management in a World of Services

Vincent Lalanne; Manuel Munier; Alban Gabillon

doi:10.1109/SocialCom.2013.88

Communication Dans Un Congrès Année : 2013

Information Security Risk Management in a World of Services

(1) , (1) , (2)

1
2

Vincent Lalanne

Fonction : Auteur
PersonId : 17024
IdHAL : vincent-lalanne
ORCID : 0000-0002-7907-527X
IdRef : 179363735

Laboratoire Informatique de l'Université de Pau et des Pays de l'Adour

Manuel Munier

Fonction : Auteur
PersonId : 22150
IdHAL : manuel-munier
ORCID : 0000-0003-0282-4508
IdRef : 145709256

Laboratoire Informatique de l'Université de Pau et des Pays de l'Adour

Alban Gabillon

Fonction : Auteur
PersonId : 15954
IdHAL : alban-gabillon
ORCID : 0000-0003-2220-0305
IdRef : 106950509

Géopôle du Pacifique Sud

Résumé

Service Oriented Architectures (SOA) offer new opportunities for the interconnection of systems. However, for a company, opening its Information System to the "world" is not insignificant in terms of security. Whether to use available services or provide its own services, new technologies have introduced new vulnerabilities and therefore new risks. Our work aims to propose an approach for risk management which is based on the ISO/IEC 27005:2011 standard: we propose a development of this standard (by an extension of Annex D) so that it can fully take into account the type "service" as web services and cloud services. Indeed, a world of services is not limited to link interconnected systems, it is more a relationship between customer and supplier, where notions of trust, accountability, traceability and governance are developed. Following this study we introduce a new security criterion, controllability, to ensure that a company keeps control of its information even if it uses such outsourced services.

Mots clés

IEC standards ISO standards cloud computing information systems security of data service-oriented architecture ISO/IEC 27005:2011 standard SOA accountability cloud services controllability customer supplier relationship governance information security risk management information system link interconnected systems outsourced services security criterion service oriented architectures system interconnection traceability trust Risk management Simple object access protocol ISO/IEC 27005 cloud information security web services

Domaines

Cryptographie et sécurité [cs.CR]

Fichier principal

article_format_IEEE_cropped.pdf (202.21 Ko)

Origine : Fichiers produits par l'(les) auteur(s)

Alban Gabillon : Connectez-vous pour contacter le contributeur

https://hal.science/hal-01020244

Soumis le : mardi 8 juillet 2014-03:12:18

Dernière modification le : mardi 19 mars 2024-20:22:05

Archivage à long terme le : mercredi 8 octobre 2014-11:10:24

Dates et versions

hal-01020244 , version 1 (08-07-2014)

Identifiants

HAL Id : hal-01020244 , version 1
DOI : 10.1109/SocialCom.2013.88

Citer

Vincent Lalanne, Manuel Munier, Alban Gabillon. Information Security Risk Management in a World of Services. ASE/IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT 2013), Sep 2013, Washington D.C, United States. pp.586-593, ⟨10.1109/SocialCom.2013.88⟩. ⟨hal-01020244⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-PAU GEPASUD UPF LIUPPA

170 Consultations

982 Téléchargements

Information Security Risk Management in a World of Services

Résumé

Mots clés

Domaines

Dates et versions

Identifiants

Citer

Exporter

Collections

Altmetric

Partager