A Case Study Analysis of an E-Business Security Negotiations Support Tool

  • Jason R. C. Nurse
  • Jane E. Sinclair
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 90)


Active collaboration is undoubtedly one of the most important aspects within e-business. In addition to companies collaborating on ways to increase productivity and cut costs, there is a growing need for in-depth discussion and negotiations on their individual and collective security. This paper extends previous work on a tool aimed at supporting the cross-enterprise security negotiations process. Specifically, our goal in this article is to briefly present a case study analysis and evaluation of the usage of the tool. This provides further real-world insight into the practicality of the tool and the solution model which it embodies.


Keywords: Case study; e-business negotiations; IT risk management systems; Security actions and requirements; Solution model



Copyright information

© Springer Science+Business Media B.V. 2011

Authors and Affiliations

  1. Department of Computer Science, Warwick University, Coventry, UK
