Abstract

Security problems and risks arising when using web services are inevitable due to the openness of the Internet. Traditional security mechanisms must be complemented by specific security structures. In solving this problem, it is necessary to focus on international standards, which contain the best techniques, practices and recommendations for ensuring the security of web services. The work reviewed three existing international standards and one internationally recognized US national standard in the field of information security. These standards address key aspects of standardization, such as security protocols, authentication methods, data encryption, and access control mechanisms. One of the fundamental standards in the field of information security, ISO/IEC 27001:2022, which sets criteria for information security management systems, is disclosed. The international standard ISO/IEC 27034, which consists of seven parts, is also considered. Each part of the standard focuses on a specific aspect of application information security. An analysis of the ISO 20078 standard, consisting of four parts, was carried out. This standard provides organizations and systems with a web services security model. The paper examines the US National Institute of Standards and Technology document 800-95 - the NIST SP 800-95 standard, which provides guidance on risk management, authentication, access control and encryption, adaptable to various types of web services. The issue of standardization of information security of web services by various international consortia and organizations is discussed. Generally recognized information security standards are the basis for organizing secure interaction for both the provider and the consumer of web services.