Conference item
Investigating security capabilities in service level agreements as trust-enhancing instruments
- Abstract:
- Many government agencies (GAs) increasingly rely on external computing, communications and storage services supplied by service providers (SPs) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but overlook security in SLAs. In this paper, we investigated ‘real world’ SLAs in terms of security guarantees between GAs and external SPs, using Indonesia as a case study. This paper develops a grounded adaptive Delphi method to clarify the current and potential attributes of security-related SLAs that are common among external service offerings. To this end, we conducted a longitudinal study of the Indonesian government auctions of 59 e-procurement services from 2010-2016 to find ‘auction winners’. Further, we contacted five selected major SPs (n = 15 participants) to participate in a three-round Delphi study. Using a grounded theory analysis, we examined the Delphi study data to categorise and generalise the extracted statements in the process of developing propositions. We observed that most of the GAs placed significant importance on service availability, but security capabilities of the SPs were not explicitly expressed in SLAs. Additionally, the GAs often use the provision of service availability to demand additional security capabilities supplied by the SPs. We also observed that most of the SPs found difficulties in addressing data confidentiality and integrity in SLAs. Overall, our findings call for a proposition-driven analysis of the Delphi study data to establish the foundation for incorporating security capabilities into security-related SLAs.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Accepted manuscript, pdf, 1.2MB, Terms of use)
-
- Publisher copy:
- 10.1007/978-3-319-59171-1_6
Authors
+ Indonesian Ministry of Communications and Information
Technology
More from this funder
- Grant:
- Directorate of Information Security
- Publisher:
- Springer, Cham
- Host title:
- IFIPTM 2017: Trust Management XI
- Journal:
- IFIPTM 2017: Trust Management XI More from this journal
- Volume:
- 505
- Pages:
- 57-75
- Series:
- IFIP Advances in Information and Communication Technology
- Publication date:
- 2017-05-20
- Acceptance date:
- 2017-03-06
- DOI:
- ISSN:
-
1868-4238
- ISBN:
- 9783319591704
- Keywords:
- Pubs id:
-
pubs:702209
- UUID:
-
uuid:813c97e9-2ed1-4801-8397-3734c65b5fd4
- Local pid:
-
pubs:702209
- Source identifiers:
-
702209
- Deposit date:
-
2017-11-03
Terms of use
- Copyright holder:
- IFIP International Federation for Information Processing
- Copyright date:
- 2017
- Notes:
- Copyright © 2017 IFIP International Federation for Information Processing. This is the accepted manuscript version of the paper. The final version is available online from Springer at: [https://doi.org/10.1007/978-3-319-59171-1_6
If you are the owner of this record, you can report an update to it here: Report update to this record