A survey of data provenance in e-science
ACM SIGMOD Record
Enterprise SOA: Service-Oriented Architecture Best Practices (The Coad Series)
Enterprise SOA: Service-Oriented Architecture Best Practices (The Coad Series)
Security in Computing (4th Edition)
Security in Computing (4th Edition)
The Black Swan: The Impact of the Highly Improbable
The Black Swan: The Impact of the Highly Improbable
The provenance of electronic data
Communications of the ACM - The psychology of security: why do good users make bad decisions?
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Managed Evolution: A Strategy for Very Large Information Systems
Managed Evolution: A Strategy for Very Large Information Systems
13 Years of SOA at Credit Suisse: Lessons Learned-Remaining Challenges
ECOWS '11 Proceedings of the 2011 IEEE Ninth European Conference on Web Services
Advances and challenges in log analysis
Communications of the ACM
Idempotence is not a medical condition
Communications of the ACM
| Hi-index | 0.00 |
Multi-national enterprises, like financial services companies, operate large and critical information systems around the globe on a 24/7 basis. In an information-based business, even a single inadequately designed, implemented, tested and operated business application can put the existence of the enterprise at risk. For adequately securing the integrity of business critical information and hence ensuring that such information is meaningful, accurate and timely, we present our risk assessment and controls framework: First, we introduce our criticality rating scheme that is based on the recoverability from integrity failures. For dealing with dependencies among applications, we present our approach based on services given a Service-Oriented Architecture (SOA). Second, we provide an overview of our design-related controls including a data analytics approach to continuously audit the most critical information assets. Finally, we present our learnings from a first implementation of the presented framework.