A Risk-Aware Decision Model for Service Sourcing (Short Paper)

With cloud computing becoming more than a buzz word and other modern IT service solutions catching on in enterprise environments, decision support models lag behind. Modern IT service landscapes with their loosely coupled services, short-term contracting and on-demand service provisioning have added an additional layer of complexity in service sourcing decision processes and thus require a new form of risk management and decision support for service sourcing. The necessity to determine the right service and provider combination for any given situation in a timely fashion has become even more eminent. The contribution of this research is a decision model for service sourcing that integrates risk and cost information of innovative software services into the decision rationale.

[1]  Simson L. Garfinkel,et al.  An Evaluation of Amazon's Grid Computing Services: EC2, S3, and SQS , 2007 .

[2]  Sebastian Speiser,et al.  Service Contract Automation , 2010, AMCIS.

[3]  Markus Lammers,et al.  Make, Buy or Share , 2004, Wirtschaftsinf..

[4]  Eric Dubois,et al.  A Systematic Approach to Define the Domain of Information System Security Risk Management , 2010, Intentional Perspectives on Information Systems Engineering.

[5]  Vijayan Sugumaran,et al.  Ontology-Based QoS Aggregation for Composite Web Services , 2013, Wirtschaftsinformatik.

[6]  T. Saaty How to Make a Decision: The Analytic Hierarchy Process , 1990 .

[7]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[8]  Joseph L. Hellerstein,et al.  Using Control Theory to Achieve Service Level Objectives In Performance Management , 2001, 2001 IEEE/IFIP International Symposium on Integrated Network Management Proceedings. Integrated Network Management VII. Integrated Management Strategies for the New Millennium (Cat. No.01EX470).

[9]  Nicolas Mayer,et al.  Alignment of Misuse Cases with Security Risk Management , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[10]  Eric K. Clemons,et al.  Making the Decision to Contract for Cloud Services: Managing the Risk of an Extreme Form of IT Outsourcing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[11]  Ralf Hannemann,et al.  Mindestanforderungen an das Risikomanagement (MaRisk) : eine einführende Kommentierung , 2006 .

[12]  Wes Sonnenreich,et al.  Return On Security Investment (ROSI) - A Practical Quantitative Modell , 2005, J. Res. Pract. Inf. Technol..

[13]  Jochen Martin,et al.  Risk in modern IT service landscapes: Towards a dynamic model , 2012, 2012 Fifth IEEE International Conference on Service-Oriented Computing and Applications (SOCA).

[14]  Miguel Mira da Silva,et al.  Risk Management Model in ITIL , 2011, CENTERIS.

[15]  Asit Dan,et al.  Web services agreement specification (ws-agreement) , 2004 .

[16]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[17]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[18]  Benjamin Blau,et al.  Efficient QoS Aggregation in Service Value Networks , 2012, 2012 45th Hawaii International Conference on System Sciences.

[19]  Gerhard Knolmayer,et al.  A Hierarchical Planning Procedure Supporting the Selection of Service Providers in Outtasking Decisions , 1997 .

[20]  Heiko Ludwig,et al.  The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services , 2003, Journal of Network and Systems Management.

[21]  Nikolay Borissov,et al.  Cloud Computing – A Classification, Business Models, and Research Directions , 2009, Bus. Inf. Syst. Eng..

[22]  E. Triantaphyllou,et al.  Ranking irregularities when evaluating alternatives by using some ELECTRE methods , 2008 .

[23]  Laurie Hirsch,et al.  Enterprise Cloud Computing , 2013 .

[24]  Robert J. Kauffman,et al.  An Interdisciplinary Perspective on IT Services Management and Service Science , 2010, J. Manag. Inf. Syst..