Abstract
Service-oriented architectures support distributed
heterogeneous environments where business transactions occur
among loosely connected services. Ensuring a secure
infrastructure for this environment is challenging. There are
currently various approaches to addressing information security,
each with its own set of benefits and difficulties. Additionally,
organisations can adopt vendor-based information security
frameworks to assist them in implementing adequate information
security controls. Unfortunately, there is no standard
information security framework that has been adopted for
service-oriented architectures.
This paper analyses the information security challenges faced by
service-oriented architectures. Information security components
for a service-oriented architecture environment are proposed.
These components were developed collectively from service-oriented
architecture design principles, the ISO/IEC 27002:2005
standard, and other service-oriented architecture governance
frameworks. The information security framework can assist
organisations in determining information security controls for
service-oriented architectures,