12 research outputs found

    An Exploratory Study of Web Service Adoption

    Web Services have the potential to facilitate applications and information to be delivered over the Internet, which can be accessed by disparate devices from handhelds to large servers. Web Services offer a company the capability of conducting business electronically with potential business partners in a multitude of ways at a reasonable cost. Web Services technology is an emerging technology. As a result, there exist some technical papers in Web Services, but behavioral and attitudinal aspects toward Web Services have not been explored. To address behavioral issues, we apply diffusion theory (Moore and Benbasat 1991) and security related research in technology adoption and propose a model. Nine hypotheses are proposed

    Develop a Tool to Measure Web Service Impact

    Web services represent the next generation of applications with a focus on integration. As companies continue to search for better methods to be cost effective and simplify business and IT operations process, it is critical to identify the factors that impact business operations. In this work, we explore how Web services affect businesses and people. A tool was developed to assess the impact of Web services from security, integrity and task perspectives

    Supporting Compliance through Enhancing Internal Control Systems by Conceptual Business Process Security Modeling

    The importance of Business Process Modeling (BPM) particularly in sensitive areas combined with the rising impact of legislative requirements on IT operations results in a need to conceptually represent security semantics in BPM. We define critical security semantics that need to be incorporated in BPM to aid documentation of security needs and support compliant behavior of security systems. We analyze ways to express such semantics in BPM and their possible role in designing and operating internal control systems, which ensure and document the execution of compliance-related activities. The analysis shows that there are informal, semi-formal and formal approaches to represent security semantics in BPM. We consider the informal approaches as best suited to express security objectives and their formal counterparts as best to specify security mechanisms to enforce the objectives. All three groups of approaches have the potential to enhance the expressiveness and informative value of an internal control system

    Information Security Risk Assessment: Towards a Business Practice Perspective

    Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the ‘leakage’ of information assets. Employees will create and use unofficial assets as part of their day-to-day routines. Furthermore, employees will also possess important knowledge on how to perform their functions within a business process or information system. These are all elements of business ‘practice’, a perspective that would yield a richer and holistic understanding of an organisation’s information assets and vulnerabilities. This perspective is not captured by traditional ISRA methods, leading to an incomplete view of an organisation’s information systems and processes that could prove detrimental and damaging. This paper hence suggests that a business practice perspective be incorporated into ISRA methods in order to identify information leakage, unofficial, critical information assets and critical process knowledge of organisations

    Asset Identification in Information Security Risk Assessment: A Business Practice Approach

    Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of organizational “assets”. In response, we propose a novel rich description method (RDM) that adopts a less formal and more holistic view of information and knowledge assets that exist in modern work environments. We report on an in-depth case study to explore the potential for improved asset identification enabled by the RDM compared to traditional ISRAs. The comparison shows how the RDM addresses the three key deficiencies of current ISRAs by providing: 1) a finer level of granularity for identifying assets, 2) a broader coverage of assets that reflects the informal aspects of business practices, and 3) the identification of critical knowledge assets

    Information Security Expenditures: a Techno-Economic Analysis

    Summary: Information Security is considered to be an inextricable part of companies' expenditures and there are defined amounts that are invested for its accomplishment, although it is really difficult to determine the best Security Solution. The substantive problem of information security risk is value proportion of information properties or assets. Risk analysis can be approached from two evaluation models: the qualitative and the quantitative. Quantitative analysis refers to the use of numeric calculations and statistical techniques. Qualitative analysis describes methods that consider loss in a subjective form. Without measurement and metrics of information security we will not be able to estimate and process Information Security Strategies. The aims of this paper are to gain an understanding of Quantitative and Qualitative analysis and furthermore to both evaluate and improve the use of those methods

    A business-oriented framework for enhancing web services security for e-business

    Security within the Web services technology field is a complex and very topical issue. When considering using this technology suite to support interacting e-businesses, literature has shown that the challenge of achieving security becomes even more elusive. This is particularly true with regard to attaining a level of security beyond just applying technologies, that is trusted, endorsed and practiced by all parties involved. Attempting to address these problems, this research proposes BOF4WSS, a Business-Oriented Framework for enhancing Web Services Security in e-business. The novelty and importance of BOF4WSS is its emphasis on a tool-supported development methodology, in which collaborating e-businesses could achieve an enhanced and more comprehensive security and trust solution for their services interactions. This investigation began with an in-depth assessment of the literature in Web services, e-business, and their security. The outstanding issues identified paved the way for the creation of BOF4WSS. With appreciation of research limitations and the added value of framework tool-support, emphasis was then shifted to the provision of a novel solution model and tool to aid companies in the use and application of BOF4WSS. This support was targeted at significantly easing the difficulties incurred by businesses in transitioning between two crucial framework phases. To evaluate BOF4WSS and its supporting model and tool, a two-step approach was adopted. First, the solution model and tool were tested for compatibility with existing security approaches which they would need to work with in real-world scenarios. Second, the framework and tool were evaluated using interviews with industry-based security professionals who are experts in this field. The results of both these evaluations indicated a noteworthy degree of evidence to affirm the suitability and strength of the framework, model and tool. 
Additionally, these results also act to cement this thesis' proposals as innovative and significant contributions to the research field

    Electronic Contract Administration – Legal and Security Issues Research Report

    This Report is a deliverable for the CRC for Construction Innovation research project 2005-025-A Electronic Contract Administration – Legal and Security Issues. It considers the security and legal risks that result from the increasing adoption of information and communication technologies (ICT) in the construction industry for e-contracting purposes and makes recommendations to minimise those risks
