Mehdi Snene, University of Geneva, Switzerland

Services security is often assimilated to a set of software solutions (Firewall, data encryption.) but rarely consider the organizational security rules as a fundamental part of the Services security policy. With the increasing use of new Services architectures (Open Services architecture, distributed database, multi web server, multi-tier application servers) security leaks become crucial and every security problem is harmful to the organization business continuity. To reduce and detect major security risks at an earlier step of the Services project, our approach is based on different knowledge exchange between end users, analyst, designers and developers collaborating at the Services project. The knowledge is mainly oriented to the detection of weak signals inside the organization. In this paper, we present the different knowledge surroundings an Services project and a knowledge pattern structure that can be used for the formalization aspects of the established exchange that should be established during the Services project between the different participants.

Information Systems, Services security, Project life cycle, Knowledge pattern.