Security and Trust in IT Business Outsourcing: a Manifesto

Electronic Notes in Theoretical Computer Science

Volumn 179, Issue , 2007, Pages 47-58

  Karabulut, Y ^a   Kerschbaum, F ^a   Massacci, F ^b   Robinson, P ^a   Yautsiukhin, A ^b  

^a SAP RESEARCH   (Germany)

^b UNIVERSITY OF TRENTO   (Italy)

Author keywords

Business Process Outsourcing; Protection Level Agreement; Security; Security Metrics

Indexed keywords

BUSINESS OBJECTIVES; PROTECTION LEVEL AGREEMENT; SECURITY GUARANTEES; SECURITY METRICS;

ADMINISTRATIVE DATA PROCESSING; CLIENT SERVER COMPUTER SYSTEMS; COMPUTER SYSTEM FIREWALLS; DATA TRANSFER; OUTSOURCING;

SECURITY OF DATA;

EID: 34250776507     PISSN: 15710661     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.entcs.2006.08.030     Document Type: Article

References (31)

1. Alberts, C. J. and A. J. Dorofee, OCTAVE Criteria, Technical Report CMU/SEI-2001-TR-016, CERT (2001).
2. Atkinson, B., et al. "Web Services Security," Microsoft, IBM, VeriSign, 1.0 edition (2002)
3. Bellare, M. and B. Yee, Forward integrity for secure audit logs, Technical report, University of California at San Diego (1997).
4. Bowles, J., Outsourcing for competitive advantage, available via http://www.vmc.com/articles/Forbes%20Advertorial.pdf (2004).
5. Bussani, A., et al. Trusted Virtual Domains: Secure Foundations for Business and IT Services, Technical Report RC23792, IBM (2005).
6. Butler, S. A., Security attribute evaluation method, Technical Report CMU-CS-03-132, Carnegie Mellon University (2003).
7. Casola, V., A. Mazzeo, N. Mazzocca and M. Rak, A SLA evaluation methodology in Service Oriented Architectures, in: Proc. of QoP. (2005).
8. CISWG, Report of the best practices and metrics teams, Technical Report CS1/05-0005, Government reform comittee (2004).
9. Cohen, F., Managing network security - part 5: Risk management or risk analysis, Network Sec. 1997 (1997), pp. 15-19.
10. Eloff, J. and M. Eloff, Information Security Management - A New Paradigm, in: Proc. of SAICSIT, 2003, pp. 130 - 136.
11. Goth, G., The ins and outs of it outsourcing, IT Professional 1 (1999), pp. 11 - 14.
12. Griffin, J. L., et al. Trusted virtual domains: Toward secure distributed services, in: Proc. of HotDep, Yokohama, Japan, 2005.
13. Henning, R., Security service level agreements: quantifiable security for the enterprise?, in: Proc. of NSPW (2000), pp. 54-60.
14. ISO/IEC, "Information technology Security techniques Evaluation criteria for IT security," (2001).
15. ISO/IEC, "Common Criteria for Information Technology Security Evaluation," Common Criteria Project Sponsoring Organisations, 2.2 edition (2004).
16. Johansson, E. and P. Johnson, Assessment of enterprise information security - an architecture theory diagram definition, in: Proc. of CSER, 2005.
17. Karjoth, G., et al Service-oriented assurance comprehensive security by explicit assurances, in: Proc. of QoP. (2005).
18. Leach, J., TBSE - an engineering approach to the design of accurate and reliable security systems, Comp. & Sec. 23 (2004), pp. 22-28.
19. List, W., The common criteria - good, bad or indifferent?, Inform. Sec. Technical Report 2 (1997), pp. 19-23.
20. Lutchen, M., IT Outsourcing: The Importance of Retaining a Strong Management Capability, Part One (of Three), available via http://www.pwc.com 2005.
21. Madan, B. B., et al. A method for modeling and quantifying the security attributes of intrusion tolerant systems, Performance evaluation journal 1-4 (2004), pp. 167-186.
22. Massacci, F., J. Mylopoulos and N. Zannone, Hierarchical hippocratic databases with minimal disclosure for virtual organizations, The VLDB J. (2006), to appear.
23. Naedele, M., Standards for xml and web services security, IEEE Comp. 36 (2003), pp. 96-98.
24. Ortalo, R., Y. Deswarte and M. Kaaniche, Experimenting with quantitative evaluation tools for monitoring operational security, TSE 25 (1999), pp. 633-650.
25. Pai, T. M., Outsourcing for competitive advantage: Are you missing a business opportunity?, available via http://www.infosys.com/events/ MDPAI%20pres%5F5%20Nov%5FSpore.ppt (2001).
26. Sadeghi, A.-R. and C. Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms (2005), pp. 67-77.
27. SSE-CMM, "Systems Security Engineering Capability Maturity Model - SSE-CMM Model Document," Carnegie Mellon University, version 3.0 edition (2003).
28. Stoneburner, G., A. Goguen and A. Feringa, Risk management guide for information technology systems, Technical Report 800-30, Nat. Institute of Standards and Technology (2001).
29. Swanson, M., et al Security metrics guide for information technology systems, Technical Report 800-55, Nat. Institute of Standards and Technology (2003).
30. Wang, Y. and P. K. Ray, Evaluation methodology for the security of e-finance systems, in: Proc. of EEE (2005).
31. Yankelovich, P., Global Top Decision-Makers Study on Business Process Outsourcing, available via http://www.colthr.com/files/ Business%5FProcess%5FOutsourcing.pdf (1999).