6,165 research outputs found

    BOF4WSS : a business-oriented framework for enhancing web services security for e-business

    When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses, in a joint manner, to manage the comprehensive concern that security in the WS environment has become.

    Architecture-Driven Requirements Engineering

    Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case.

    Business and Information System Alignment Theories Built on eGovernment Service Practice: An Holistic Literature Review

    © 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution 3.0 License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. This chapter examines previous studies of alignment between business and information systems holistically in relation to the development of working associations among professionals from information system and business backgrounds in business organization and eGovernment sectors while investigating alignment research that permits the development and growth of information system, which is appropriate, within budget and on-time development. The process of alignment plays a key role in the construction of dependent associations among individuals from two different groups, and the progress of alignment could be enhanced by emerging an information system according to the investors’ prospects. The chapter presents system theory to gather and analyze the data across the designated platforms. The outcomes classify that alignment among business and information system departments remains a priority and is of worry in different ways in diverse areas, which provides prospects for the forthcoming discussion and research. Final Published version

    Application of the internet technology and client/server paradigm for the implementation of REPI

    There are many problems associated with Requirements Engineering such as defining the system scope, developing understanding among the communities involved in the system to be built, volatility of requirements etc. These problems may lead to poor requirements and therefore cancellation of the system development, or else the development of a system that is unsatisfactory, has high maintenance cost or is unacceptable. By improving Requirements Elicitation, the Requirements Engineering can be improved, leading to a better requirements specification and eventually a better product. Requirements Elicitation requires effective communication among the team members, as communication is the key factor. Easing communications between stakeholders and developers makes the process of Requirements Elicitation easier. REPI guides team members through the elicitation phase using the SEI's framework. REPI forces stakeholders to explicitly describe the requirements resulting in reduced chances of misunderstood requirements, leading to better requirements specification.

    A business-oriented framework for enhancing web services security for e-business

    Security within the Web services technology field is a complex and very topical issue. When considering using this technology suite to support interacting e-businesses, literature has shown that the challenge of achieving security becomes even more elusive. This is particularly true with regard to attaining a level of security beyond just applying technologies, that is trusted, endorsed and practiced by all parties involved. Attempting to address these problems, this research proposes BOF4WSS, a Business-Oriented Framework for enhancing Web Services Security in e-business. The novelty and importance of BOF4WSS is its emphasis on a tool-supported development methodology, in which collaborating e-businesses could achieve an enhanced and more comprehensive security and trust solution for their services interactions. This investigation began with an in-depth assessment of the literature in Web services, e-business, and their security. The outstanding issues identified paved the way for the creation of BOF4WSS. With appreciation of research limitations and the added value of framework tool-support, emphasis was then shifted to the provision of a novel solution model and tool to aid companies in the use and application of BOF4WSS. This support was targeted at significantly easing the difficulties incurred by businesses in transitioning between two crucial framework phases. To evaluate BOF4WSS and its supporting model and tool, a two-step approach was adopted. First, the solution model and tool were tested for compatibility with existing security approaches which they would need to work with in real-world scenarios. Second, the framework and tool were evaluated using interviews with industry-based security professionals who are experts in this field. The results of both these evaluations indicated a noteworthy degree of evidence to affirm the suitability and strength of the framework, model and tool. Additionally, these results also act to cement this thesis' proposals as innovative and significant contributions to the research field.