Selecting Web services with security compliances: A managerial perspective

Abstract

This paper proposes a framework of a decision support system (DSS) for the assessment process of selecting Web services with security compliances consistent with the enterprise business goal. The proposed DSS framework is a systematic assessment model which could aid IS managers in making decision on which Web services would most likely meet the security requirements of their information systems. The proposed process is based on the standard ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation. The framework consists of five components: (i) Identification of security objectives; (ii) Formulation of criteria; (iii) Selection of candidate Web services; (iv) Security profiling of Web services; and (v) Variance analysis engine. The framework is presented with a running example to demonstrate the applicability of the approach.