Khadraoui, Djamel and Christophe, Feltus (2009): ICT Governance Acquisition Requirement Principle: Toward the Selection of the Suitable Exploitation Mode of a Secure e-Business Architecture for Small and Medium Enterprises.
Abstract
The governance of IT is becoming more and more important in enterprises, especially since the accounting scandals of 2002 and, more recently, through the ongoing market crisis. While all political leaders say that the world economy is at grave risk, developments are under way, firstly, to elaborate an appropriate framework to enforce and guarantee the stability of the financial sector and, by extension, of all sectors of the industrial economy and, secondly, to enhance the governance of all of these public and private companies. Sarbanes-Oxley is one of these laws that aims to provide guarantees over the company's accountability. ISO/IEC 38500 [14] is one standard that provides a framework for effective governance of IT. This framework provides six guiding principles: Establish responsibilities, Plan to best support the organization, Acquire validly, Ensure performance when required, Ensure conformance with rules and Ensure respect for human factors. The principle "Acquire validly" aims at ensuring that the acquisition of IT components and of the exploitation mode is realized with the assurance that it is aligned with the business strategy. Many SMEs from the industrial sector, but also from the financial sector, are still unable to correctly choose the optimal compromise for exploiting their e-business solution with regard to their business needs. Indeed, choosing the best way to exploit an IT infrastructure in accordance with the security requirements is a professional activity that cannot always be appropriately conducted by SME staff. Although many criteria influence the exploitation mode to be chosen (independence from an IT company, cost and profitability of the solution, technology used), security remains the major influencing factor.
The objective of this document is to analyse the aspects of security measures related to e-business according to the geographical location of the e-business architecture: in the company itself, outsourced, or at an intermediate location between those two. The first part of this document defines what we understand by "exploitation mode", the second analyses the security aspects related to each component of an e-business architecture according to its exploitation mode, and the last part analyses the security of the general architecture, again according to its exploitation mode.
Item Type: | MPRA Paper |
---|---|
Original Title: | ICT Governance Acquisition Requirement Principle: Toward the Selection of the Suitable Exploitation Mode of a Secure e-Business Architecture for Small and Medium Enterprises |
English Title: | ICT Governance Acquisition Requirement Principle: Toward the Selection of the Suitable Exploitation Mode of a Secure e-Business Architecture for Small and Medium Enterprises |
Language: | English |
Keywords: | e-Business, Small and Medium Enterprise, Security, Exploitation Mode, ICT Governance, Acquisition Principle. |
Subjects: | L - Industrial Organization > L0 - General; Y - Miscellaneous Categories > Y9 - Other; Y - Miscellaneous Categories > Y9 - Other > Y90 - Other; Z - Other Special Topics > Z0 - General > Z00 - General |
Item ID: | 83343 |
Depositing User: | Dr Christophe Feltus |
Date Deposited: | 19 Dec 2017 05:33 |
Last Modified: | 05 Oct 2019 07:28 |
References: | T. Dierks, C. Allen, The TLS Protocol version 1.0, Internet Engineering Task Force, January 1999. A. Dulaunoy, T. Fruru et S. Stormacq, OpenSST Message Format, Internet Drafts, December 2002. Feltus, Christophe, Djamel Khadraoui, and Filipe COSTA Pinto. "OpenSST based clearing mechanism for e-business." In Information and Communication Technologies: From Theory to Applications, 2004. Proceedings. 2004 International Conference on, pp. 89-90. IEEE, 2004. Ph. Oechslin, Quelques notions de cryptographie, http://lasecwww.eppfl.ch/securitereseaux/files/s1_07.pdf M. Pablos Martin, T. Pinxteren, P. Robert, Sécurité du commerce électronique, http://www.tele.ucl.ac.be/ELEC2920/2000/E-Commerce/secu_et_e-commerce.html D. O’Mahony, M. Peirce, H. Tewari, Electronic Payment Systems for E-Commerce, second edition, Artech House, 2001. http://www.opensst.org/ Alexandre Dulaunoy, Sébastien Stormacq - OpenSST : Open Simple Secure Transaction, Une approche de réduction de la complexité pour les transactions électroniques. SAR 2003, 30 juin – juillet 2003. Marrakech, Maroc. Feltus, C., Ouedraogo, M. and Khadraoui, D., Towards cyber-security protection of critical infrastructures by generating security policy for SCADA systems. In Information and Communication Technologies for Disaster Management (ICT-DM), 1st International Conference on (pp. 1-8). IEEE. http://atilf.inalf.fr/Dendien/scripts/tlfiv5/showp.exe?63;s=3375760125;p=combi.htm http://www.cetrel.lu http://www.iso.ch International Standard for Corporate Governance of IT (IT Governance) - ISO/IEC 38500 |
URI: | https://mpra.ub.uni-muenchen.de/id/eprint/83343 |