A Thorough Evaluation of the Compatibility of an E-Business Security Negotiations Support Tool

For the benefits of e-business to be fully realized, numerous challenges must be overcome, particularly with respect to security. Some of the most significant of these difficulties are incurred even before businesses fully enter joint e-business interactions. A key example is the challenge faced when partnering e-businesses initially come together to share, compare and negotiate on their individual security needs. In previous work, we proposed a support tool to assist in this activity and streamline several of the difficult security negotiation tasks that arise. This paper aims to advance the research on that tool through a very detailed evaluation of its compatibility with existing methods for determining security needs (commonly, risk management and assessment techniques). Compatibility is a crucial requirement, as it evidences feasibility and yields worthwhile initial feedback on the ultimate usefulness and practicality of the tool.
