Risk Management for Outsourcing to the Cloud Security Risks and Safeguards as Selection Criteria for Extern Cloud Services

被引：1

作者：

Viehmann, Johannes ^{[1
]}

机构：

[1] Fraunhofer Inst Open Commun Syst FOKUS, SQC, Berlin, Germany

来源：

2014 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW) | 2014年

关键词：

Risk Management; Risk Assessment; Outsourcing; Cloud; Security;

D O I：

10.1109/ISSREW.2014.80

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

This short paper describes our ongoing research about security risk management for IT projects which might eventually take benefit from outsourcing to external Cloud services. Choosing appropriate, secure enough Cloud services from multiple offers might be difficult. Hence, we develop the Cloud Security Guide CSG to assist. It contains a specialized methodology for Cloud risk assessment supporting particularly the extraction of security relevant information from user contracts or terms and conditions of public Cloud services. Discovering that many providers fail to communicate their safeguards, we also decided to develop a provider's guide for risk management and for the communication of risk treatments.

引用

页码：293 / 295

页数：3

共 14 条

[1]

[Anonymous], 2018, ISO 31000

[2]

[Anonymous], 2010, 2010 IEEE 2 INT C CL, DOI DOI 10.1109/CLOUDCOM.2010.66

[3]

Bouti A., 1994, INT J RELIAB QUAL SA, V1, P515, DOI DOI 10.1142/S0218539394000362

[4]

BSI, 2013, IT GRUNDSCH CAT

[5]

BSI, 2014, PREL VERS M IN PRESS

[6]

Dataset] MITRE Corp, 2006, COMM WEAKN EN CWE CO

[7]

International Electrotechnical Commission, 1995, 6030039 IEC

[8]

International Electrotechnical Commission, 1990, 61025 IEC

[9]

International Organization for Standardization, 2009, ISO GUID RISK MAN VO

[10]

Jansen W.A., 2011, guidelines on security and privacy in public cloud computing

← 1 2 →