Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Security service level agreements: quantifiable security for the enterprise?
Proceedings of the 1999 workshop on New security paradigms
The Ins and Outs of IT Outsourcing
IT Professional
Information security management: a new paradigm
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
A method for modeling and quantifying the security attributes of intrusion tolerant systems
Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Evaluation Methodology for the Security of e-Finance Systems
EEE '05 Proceedings of the 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05) on e-Technology, e-Commerce and e-Service
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
SP 800-30. Risk Management Guide for Information Technology Systems
SP 800-30. Risk Management Guide for Information Technology Systems
Managing network security - Part 5: Risk management or risk analysis
Network Security
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Dynamics, Robustness and Fragility of Trust
Formal Aspects in Security and Trust
Quantifying and qualifying trust: spectral decomposition of trust networks
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
A general method for assessment of security in complex services
ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
A study on usage of IT and its implications on e-procurement in Indian organisations
International Journal of Business Information Systems
Dynamic anomaly detection for more trustworthy outsourced computation
ISC'12 Proceedings of the 15th international conference on Information Security
Engineering Security Agreements Against External Insider Threat
Information Resources Management Journal
| Hi-index | 0.00 |
Nowadays many companies understand the benefit of outsourcing. Yet, in current outsourcing practices, clients usually focus primarily on business objectives and security is negotiated only for communication links. It is however not determined how data must be protected after transmission. Strong protection of a communication link is of little value if data can be easily stolen or corrupted while on a supplier's server. The problem raises a number of related challenges such as: identification of metrics which are more suitable for security-level negotiation, client and contractor perspective and security guarantees in service composition scenarios. These challenges and some others are discussed in depth in the article.