Governance of information security elements in service-oriented enterprise architecture

This paper identifies and analyzes governance roles and tasks in SOA security governance at macro level. Drawing from Information Security Management standards and frameworks on one hand and SOA considerations on the other hand, the identified governance elements are mapped to a governance structure that specifies planning and execution aspects at four organizational decision-making levels, resulting in a prescriptive model with practical relevance. This constructive study combines theoretical models and standards with industry experience of the authors. © 2009 IEEE.