Integrated Security Process Improvement Framework for Systems and Services

Muthu Ramachandran (School of Computing, Creative Technologies and Engineering, Faculty of Arts, Environment and Technology, Leeds Metropolitan University, Leeds, UK)
DOI: 10.4018/ijssoe.2014010104

Abstract

Security of systems and services has been a dominant research area in recent years, given today's cloud services, big data and networked systems, especially when they provide wireless application access where personal and confidential data are transmitted across the networked systems. Numerous tools and technologies are available to ensure a system's security; however, external threats to computer systems and the applications resident on them are also becoming more sophisticated and are on the increase. Therefore, the key aim of this research is to integrate security engineering techniques and processes with systems development life-cycle and process improvement frameworks. This paper presents a framework that consists of two components: 1) a security assessment model that looks at the existing security infrastructure of an organisation to determine its security maturity level; and 2) a security improvement maturity model that suggests an improvement mechanism for the organisation to progress from one maturity level to the next higher level. The intention is to provide a scheme to improve the organisation's systems and network security with the aim that it becomes more efficient and effective than before.

1. Introduction

In the information society of the 21st century, information and communication technologies have revolutionised human lives. Wireless telephony, cloud computing, mobile clouds, electronic commerce and online transactions are now commonplace and within easy reach of the general public. All this has become possible through the proliferation of computing technologies and use of the Systems. There is no doubt that the World Wide Web, or the Systems, is the binding and enabling force behind all this.

Since the use of the Systems is growing, the demand for the associated products, applications and services is also growing. As a by-product, the concerns with respect to the security of information, confidentiality of data and reliability of services are also growing. Previously, when computing systems were used as standalone devices, the security concerns amounted only to physical security (i.e. fear of getting it damaged, getting it stolen, etc.). Now, however, because of the interconnectivity of computing equipment on a global basis, there are serious concerns with respect to security of networks (including the Systems), theft of data, cyber terrorism and so on. Although network managers and security experts are doing their best to ensure that transactions are safe, networks are secure and malicious damage to data, services, applications and equipment is eliminated, hackers and cyber terrorists are also becoming more intelligent and finding new ways of breaking into computing systems. The technologies that exist for the benefit of citizens are, ironically, the same technologies that hackers are using for their malicious acts. To ensure the security of Systems applications and the use of Systems, many approaches have been employed, including the following:

  • Intrusion detection mechanisms

  • Intrusion prevention schemes

  • Firewalls and Filters

  • Virus detection and removal software

  • Built-in security (software security engineering)

However, SecurityFocus (2013) has reported the percentage of vulnerability attacks by target: operating system attacks account for 9%, web-based software system attacks account for 61%, and other application attacks account for 30%. Similarly, Popović and Hocenski (2010) have reported an analysis of results from an IDC ranking of security challenges in which 87.5% responded to the demand for cloud security against on-demand cloud services. This confirms the importance of cloud security against cloud services.

Cloud computing has emerged to provide a more cost-effective solution to businesses and services while making use of inexpensive computing solutions which combine pervasive, internet, and virtualisation technologies. Cloud computing has spread as another technological evolution, much as we witnessed internet technology revolutionise communication and the information superhighway. Cloud computing is emerging rapidly, and the software-as-a-service paradigm has increased the demand for more services. However, this new trend needs to be more systematic with respect to software engineering and its related processes. For example, given the current challenges faced with cyber security and application security flaws, lessons learned and best practices can be adopted. Similarly, as the demand for cloud services increases, so does the importance of security and privacy. The business of cloud technology can only be sustained if we can maintain a balance between the demand for services and improved cloud security and privacy.
