Conference papers

Information Security Risk Management in a World of Services

Abstract : Service Oriented Architectures (SOA) offer new opportunities for the interconnection of systems. However, for a company, opening its Information System to the "world" is not insignificant in terms of security. Whether a company uses available services or provides its own, new technologies have introduced new vulnerabilities and therefore new risks. Our work proposes an approach to risk management based on the ISO/IEC 27005:2011 standard: we propose a development of this standard (by an extension of Annex D) so that it can fully take into account the "service" type, such as web services and cloud services. Indeed, a world of services is not limited to linking interconnected systems; it is more a relationship between customer and supplier, where notions of trust, accountability, traceability and governance are developed. Following this study we introduce a new security criterion, controllability, to ensure that a company keeps control of its information even if it uses such outsourced services.

Cited literature : 24 references

https://hal.archives-ouvertes.fr/hal-01020244
Contributor : Alban Gabillon
Submitted on : Tuesday, July 8, 2014 - 3:12:18 AM
Last modification on : Tuesday, June 22, 2021 - 3:53:15 AM
Long-term archiving on : Wednesday, October 8, 2014 - 11:10:24 AM

File

article_format_IEEE_cropped.pd...
Files produced by the author(s)

Citation

Vincent Lalanne, Manuel Munier, Alban Gabillon. Information Security Risk Management in a World of Services. ASE/IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT 2013), Sep 2013, Washington D.C, United States. pp.586-593, ⟨10.1109/SocialCom.2013.88⟩. ⟨hal-01020244⟩
