Introducing the Information Security Management System in Cloud Computing Environment

Cited by: 8
Authors
Tot, Laslo [1]
Grubor, Gojko [2]
Marta, Takacs [3]
Affiliations
[1] Singidunum Univ, Belgrade 11000, Serbia
[2] Sinergija Univ, Bijeljina 76300, Bosnia & Herceg
[3] Obuda Univ, Inst Appl Math, John Neumann Fac Informat, H-1034 Budapest, Hungary
Keywords
CC ISMS; CC SMF; Proactive Digital Forensic; Digital forensics; CCS QMS;
DOI
10.12700/APH.12.3.2015.3.9
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
Numerous organizations coordinate and certify their information security systems according to the Information Security Management System (ISMS) standard. Available Cloud Computing Services (CCSs) include new types of vulnerability (management, virtualization, sprawl, etc.) and differ in management requirements from other computational systems. Establishing a consistent security management framework (SMF) and information security management system (ISMS) in a CC environment is a complicated, demanding and time-consuming process. Every experience from applying ISMS standard solutions is certainly useful, but not enough to entirely cover all security requirements of the customers and the Cloud Service Provider (CSP). Attempts at establishing an integrated and consistent SMF and ISMS in a CC environment have not been researched in depth in the recent available literature. In this paper, the authors suggest a framework for establishing a quality management system (QMS) of CCSs, including CC SMF and CC ISMS, proactive digital forensic (DF), proactive and predictive security controls and a corporate DF investigation process up to the level specified in the Service Level Agreement (SLA).
Pages: 147 / 166
Page count: 20