A Survey on Quantitative Evaluation of Web Service Security

The number of web services available on the Internet has grown rapidly. Service consumers face a hard decision over which service to choose among the available ones. Security holds a key after various vulnerabilities have been exploited by attackers on number of notable web services. This paper carries out a survey on how security has been expressed and promised for web services, through both the Web Service Description Language and Service Level Agreements. It reviews existing technologies used for comparing individual web services, as well as for service compositions. Taking security into account further complicates the already difficult process of choosing the right service. The paper reveals that despite existing efforts, a quantitative solution needs to be established urgently in order to help service consumers to choose the most secure service for them to use

E-Government evaluation factors: Citizen’s perspective

The e-government field is growing to a considerable size, both in its contents and position with respect to other research fields. The government to citizen segment of egovernment is taking the lead in terms of its importance and size. Like the evaluation of all other information systems initiatives, the evaluation of egovernments in both theory and practice has proved to be important but complex. The complexity of evaluation is mostly due to the multiple perspectives involved, the difficulties of quantifying benefits, and the social and technical context of use. The importance of e-government evaluation is due to the enormous investment of governments on delivering e-government services, and to the considerable pace of growing in the e-government field. However, despite the importance of the evaluation of e-government services, literature shows that e-government evaluation is still an immature area in terms of development and management. This work is part of a research effort that aims to develop a holistic evaluation framework for e-government systems. The main aim of this paper is to investigate the citizen’ perspective in evaluating e-government services, and present a set of evaluating factors that influence citizens’ utilization of e-government services. These evaluation factors can serve as part of an e-government evaluation framework. Moreover, the evaluation factors can also be used as means of providing valuable feedback for the planning of future egovernment initiatives

Analyse the risks of ad hoc programming in web development and develop a metrics of appropriate tools

Today the World Wide Web has become one of the most powerful tools for business promotion and social networking. As the use of websites and web applications to promote the businesses has increased drastically over the past few years, the complexity of managing them and protecting them from security threats has become a complicated task for the organizations. On the other hand, most of the web projects are at risk and less secure due to lack of quality programming. Although there are plenty of frameworks available for free in the market to improve the quality of programming, most of the programmers use ad hoc programming rather than using frameworks which could save their time and repeated work. The research identifies the different frameworks in PHP and .NET programming, and evaluates their benefits and drawbacks in the web application development. The research aims to help web development companies to minimize the risks involved in developing large web projects and develop a metrics of appropriate frameworks to be used for the specific projects. The study examined the way web applications were developed in different software companies and the advantages of using frameworks while developing them. The findings of the results show that it was not only the experience of developers that motivated them to use frameworks. The major conclusions and recommendations drawn from this research were that the main reasons behind web developers avoiding frameworks are that they are difficult to learn and implement. Also, the motivations factors for programmers towards using frameworks were self-efficiency, habit of learning new things and awareness about the benefits of frameworks. The research recommended companies to use appropriate frameworks to protect their projects against security threats like SQL injection and RSS injectio

Integrating customer relationship management strategies in (B2C) e-commerce environments

Creating value and generating a total customer experience(TCE ) is important for E -Commerce in order to attract customers. However, with increasing competition in the marketplace, it is becoming increasingly difficult to retain customers. E-Commerce, therefore, should focus on continuously providing value to the customers to build long-term relationships and reduce customer defections. We have evaluated five E -Banking sites from the UK finance industry and have shown that an organisation whose Web site is usable in HCI terms (that satisfies the Web Design heuristics / E -Commerce guidelines) might not always generate a TCE . It is important that along with usability heuristics, customer relationship management (CRM) strategies are integrated into the design of E-Commerce sites. In this paper, we have applied the service quality (SERVQUAL ) framework from the relationship marketing literature for deriving customer relationship enhancing heuristics which can be integrated into the design of E -Commerce environments

An investigation of e-government progress in Oman: A survey of public sector workers

E-government has become increasingly pervasive in modern society and it has emerged as an effective means of delivering government services to citizens. While most early e-government efforts were concentrated on developed countries, in the recent past, it has also become popular in many developing countries. Most notably are the Middle Eastern countries that have continued to invest significantly into e-government initiatives in the last five years; the Sultanate of Oman is one such example. However, although large investments have been made since 2003 to facilitate the implementation of electronic services in the public sector in Oman, only limited progress has been made in terms of realising fully functional e-government. The aim of this paper is to identify the factors that are currently influencing the development and implementation of e-government in Oman using a quantitative survey-based empirical study in three key public service agencies in Muscat, the capital of Oman. The research identified ten different factors that were influencing the progress of the national e-government project, e-Oman, from the viewpoint of government employees. The most salient of these factors was the Omani IT workforce capability and the citizens' trust and confidence in using e-services

Applying Real Options Thinking to Information Security in Networked Organizations

An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and nonrepudiation of authorized users of these assets. We assume that the primary objective of security efforts in a company is improving and sustaining resiliency, which means security contributes to the ability of an organization to withstand discontinuities and disruptive events, to get back to its normal operating state, and to adapt to ever changing risk environments. When companies collaborating in a value web view security as a business issue, risk assessment and cost-benefit analysis techniques are necessary and explicit part of their process of resource allocation and budgeting, no matter if security spendings are treated as capital investment or operating expenditures. This paper contributes to the application of quantitative approaches to assessing risks, costs, and benefits associated with the various components making up the security strategy of a company participating in value networks. We take a risk-based approach to determining what types of security a strategy should include and how much of each type is enough. We adopt a real-options-based perspective of security and make a proposal to value the extent to which alternative components in a security strategy contribute to organizational resiliency and protect key information assets from being impeded, disrupted, or destroyed

Enabling quantitative data analysis through e-infrastructures

This paper discusses how quantitative data analysis in the social sciences can engage with and exploit an e-Infrastructure. We highlight how a number of activities which are central to quantitative data analysis, referred to as ‘data management’, can benefit from e-infrastructure support. We conclude by discussing how these issues are relevant to the DAMES (Data Management through e-Social Science) research Node, an ongoing project that aims to develop e-Infrastructural resources for quantitative data analysis in the social sciences

Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model