Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Abstract: Many government agencies (GAs) increasingly rely on external computing, communications and storage services supplied by service providers (SPs) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but … Show more

“…Due to the lack of previous studies on the concept of assurance in service provisioning, a qualitative analysis based on the grounded theory approach was conducted to develop principles and framework from the data derived from two empirical studies in [4] [16]. Each empirical study was conducted in different settings and participant groups.…”

“…Another certification for public procurement is based on the industry-standard ISO/IEC 27001 [3,5]. Such certification is a requirement for public procurement-related services and information technology systems for Indonesian government agencies [4]. However, the certification scheme is intended for certifying information security management systems (ISMS) for a specific scope but not suited to addressing emerging threats and vulnerabilities.…”

“…Two empirical studies were conducted in [16,4] with a total of 50 participants to explore opinions on how to incorporate the Government's data confidentiality requirements into SLA contexts.…”

“…Nugraha et al [1] show that government security needs, such as non-disclosure agreements (NDAs), trustworthy system certifications, and information security agreements, have been proposed to address security within supplier agreements. However, both NDAs and certification schemes are not well suited to the service scenario because such schemes do not fit into dynamic environments [2] and are not sufficient to address emerging threats and vulnerabilities in a dynamic threat environment [3,4]. Furthermore, the information security agreement is solely for mutual trust and understanding of the restricted use of confidential material, knowledge, or information between parties.…”

“…The first Grounded Delphi study was conducted by asking 35 government participants via group discussions and individual sessions [16]. The second Grounded Delphi study [4] was performed by inviting 15 participants from the five selected service providers that provide external information system services to government agencies. Therefore, this paper presents principles as foundations for a TDSLA capability framework that can provide a significant opportunity to advance the understanding of incorporating the Government's data confidentiality requirements into SLAs.…”

Towards a framework for trustworthy data security level agreement in cloud procurement

“…Due to the lack of previous studies on the concept of assurance in service provisioning, a qualitative analysis based on the grounded theory approach was conducted to develop principles and framework from the data derived from two empirical studies in [4] [16]. Each empirical study was conducted in different settings and participant groups.…”

“…Another certification for public procurement is based on the industry-standard ISO/IEC 27001 [3,5]. Such certification is a requirement for public procurement-related services and information technology systems for Indonesian government agencies [4]. However, the certification scheme is intended for certifying information security management systems (ISMS) for a specific scope but not suited to addressing emerging threats and vulnerabilities.…”

“…Two empirical studies were conducted in [16,4] with a total of 50 participants to explore opinions on how to incorporate the Government's data confidentiality requirements into SLA contexts.…”

“…Nugraha et al [1] show that government security needs, such as non-disclosure agreements (NDAs), trustworthy system certifications, and information security agreements, have been proposed to address security within supplier agreements. However, both NDAs and certification schemes are not well suited to the service scenario because such schemes do not fit into dynamic environments [2] and are not sufficient to address emerging threats and vulnerabilities in a dynamic threat environment [3,4]. Furthermore, the information security agreement is solely for mutual trust and understanding of the restricted use of confidential material, knowledge, or information between parties.…”

“…The first Grounded Delphi study was conducted by asking 35 government participants via group discussions and individual sessions [16]. The second Grounded Delphi study [4] was performed by inviting 15 participants from the five selected service providers that provide external information system services to government agencies. Therefore, this paper presents principles as foundations for a TDSLA capability framework that can provide a significant opportunity to advance the understanding of incorporating the Government's data confidentiality requirements into SLAs.…”

Towards a framework for trustworthy data security level agreement in cloud procurement

Cybersecurity service level agreements: understanding government data confidentiality requirements

Inclusive Security Models To Building E-Government Trust