A RISK BASED APPROACH FOR SELECTING SERVICES IN BUSINESS PROCESS EXECUTION

The vision of automated business processes within a service-oriented paradigm includes the flexible orchestration of IT services. Whenever alternative services are available for activities in an ITsupported business process, an automated decision is worth aspiring to. According to valueoriented management, this decision should be motivated economically and also requires taking account of risk. This paper presents a novel approach for assessing the risk of IT services, based on vulnerability information as can be obtained in the form of publicly available Common Vulnerability Scoring System (CVSS) data

Information security: a stakeholder network perspective

Despite existing approaches and techniques for securing corporate information assets, information security threats continue to challenge business and government. Research suggests that to improve the effectiveness of information security a clear understanding of the organisational context is required. We have used stakeholder salience and stakeholder networks lenses to identify key stakeholders who shaped the information security processes of a large Australian financial institution. We have also examined how the interrelationships between these stakeholders might impact on their role in a stakeholder network. Our research suggests that a number of key stakeholders exist who require attention and engagement from those responsible for information security. We also highlight several stakeholders that have traditionally been given lower priority, but should be seen as more important due to their positioning and influence on the stakeholder network. We suggest that a better understanding more concerted engagement with these stakeholders can assist information security teams in achieving organisational security objectives