The security of information systems is the set of measures and controls put in place to ensure the confidentiality, integrity, and availability of the information processed and/or stored by those systems. These measures and controls span various domains such as technical, organizational, legal, and societal. A security infrastructure is deployed to protect information systems by mitigating risks to the information assets. It is developed to meet the objectives of the security policy, which is defined on the basis of the risk analysis carried out in line with the threat analysis. No single security mechanism can answer all the security requirements. The range of mechanisms includes ciphering (cryptography), access control, trusted functionalities, security monitoring, incident response, and audit trails.
The notion of trust in information systems has been receiving increasing attention ever since open environments began gaining ground in the computing world. The commoditisation of computing resources offers fascinating prospects for individuals and businesses, who can use inexpensive computing environments at no total cost of ownership (TCO). However, the downsides of this paradigm are the concerns related to data protection and privacy. The stakes are much higher when it comes to personal, social, financial, or business interests. It is therefore necessary to develop trust between the providers and consumers of information services in cyberspace. Although trust is no doubt a subjective human judgement, technology can nevertheless play a significant role in resolving trust issues by providing reliable means such as security testing (e.g. penetration testing) and monitoring of service level agreements (SLAs).
It is important to remember that security is not a product; it is a process that should be regularly revised and updated. It is the quality of security services that constitutes the basis of trust in information systems.
Syed Naqvi, Arnaud Michot, Michael Van de Borne, Analysing Impact of Scalability and Heterogeneity on the Performance of Federated Cloud Security, 4th IEEE International Workshop on Security in e-Science and e-Research (ISSR 2012) in conjunction with The 2012 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-2012), Liverpool, UK, 25-27 June 2012 (accepted) (Software Services Technologies, Cloud Computing, Software and System Engineering, Scientific papers, BonFIRE)
Syed Naqvi, Gautier Dallons, Christophe Ponsard, Digital Investigations for Enterprise Information Architectures, The Sixth International Conference on Digital Society (ICDS 2012), January 30 - February 4, 2012 - Valencia, Spain, accepted (Software Services Technologies, Software and System Engineering, Scientific papers)
Syed Naqvi, Digital Investigations and Forensic Analysis - Practices and Technologies, Sixth International Conference on Digital Society (ICDS 2012), January 30 - February 4, 2012 - Valencia, Spain, accepted. (Scientific communication)
Massonet P., Michot A., Naqvi S., Villari M., Latanicki J., Securing the External Interfaces of a Federated Infrastructure Cloud, In Open Source Cloud Computing Systems: Practices and Paradigms, Vaquero L., Hierro J., Cáceres J. (Eds.), accepted for publication, 2012 (Software Services Technologies, Cloud Computing, Software and System Engineering, Scientific papers)
Massonet P., Naqvi S., Ponsard C., Latanicki J., Rochwerger B., Villari M., A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures, IEEE Workshop on Dependable Parallel, Distributed and Network-Centric Systems 2011 (DPDNS 2011), In conjunction with the IEEE International Parallel and Distributed Processing Symposium, Anchorage, Alaska, USA, 16-20 May 2011 (accepted) (Cloud Computing, Software and System Engineering, Scientific papers)
Naqvi S., "Designing Efficient Security Services Infrastructure for Virtualization Oriented Architectures", in Pervasive Information Security and Privacy Developments: Trends and Advancements (chapter 11), IGI Global Publisher, USA. ISBN 978-1-61692-000-5 (Hardback); ISBN 978-1-61692-001-2 (ebook), 2011. (Software and System Engineering, Scientific papers)
Naqvi S., Dallons G., Michot A., Ponsard C., Using Organisational Security Policy for Ensuring Privacy of Electronic Health Records, The International eHealth, Telemedicine and Health ICT Forum For Education, Networking and Business (Med-e-Tel) 2011, Luxembourg, 6-8 April 2011. (Health, Software and System Engineering, Scientific communication)
Naqvi S., Dallons G., Ponsard C., "Protecting Corporate ICT Infrastructures by using Digital Forensics", IEEE International Conference on Computer Information Systems and Industrial Management Applications 2010 (IEEE-CISIM’2010), Krakow, Poland, 8-10 October 2010. (Software and System Engineering, Scientific papers)
De Landtsheer R., Ponsard C., Massonet P., "Deriving Event-Based Usage Control Policies from Declarative Security Requirements Models", Second International Workshop on Security in Model Driven Architecture, University of Pierre & Marie Curie, Paris, France, June 16th 2010. (Software and System Engineering, Scientific communication, Model Driven Engineering)