Service-oriented architecture defines a paradigm for building applications by assembling autonomous components such as web services to create web service compositions. Web services are executed in complex contexts where unforeseen events may compromise the security of the web services composition. If such compositions perform critical functions, prompt action may be required as new security threats may arise at runtime. Manual interventions may not be ideal or feasible. To automatically decide on valid security changes to make at runtime, the composition needs to make use of current security context information. Such security changes are referred to as dynamic adaptation. This research proposes a framework to develop web services compositions that can dynamically adapt to maintain the same level of security when unforeseen security events occur at runtime. The framework is supported by mechanisms that map revised security requirements arising at runtime to a new security configuration plan that is used to adapt the web services composition.