Deakin University

File(s) under permanent embargo

Tackling the loss of control: Standards-based conjoint management of security requirements for cloud services

conference contribution
posted on 2011-09-29, 00:00 authored by I Müller, J Han, Jean-Guy Schneider, S Versteeg
The loss of control over information assets is a major security and privacy concern in the Cloud. Service consumers typically have no insight into which controls protect their information assets and how effectively. To tackle this challenge, we propose an approach where service providers and consumers conjointly manage security requirements for a Cloud service following the ISO 27001 standard for information security management. We have developed a security management platform that provides tool support for service providers and consumers (i) to specify and consolidate security requirements and (ii) to collect, measure, analyse and report information about the effectiveness of implemented controls. By involving service consumers in management activities following an international standard, our approach helps service providers to increase transparency and traceability of their security measures, whereas service consumers gain much-needed insights into the protection of their information assets. The applicability of our approach is demonstrated with an example scenario.

History

Event

IEEE Cloud Computing. International Conference (4th : 2011 : Washington, D.C.)

Pagination

573 - 581

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Location

Washington, D.C.

Place of publication

Piscataway, N.J.

Start date

2011-07-04

End date

2011-07-09

ISBN-13

9780769544601

Language

eng

Publication classification

E1.1 Full written paper - refereed

Copyright notice

2011, IEEE

Title of proceedings

Proceedings of IEEE 4th International Conference on Cloud Computing
