ISGcloud: a Security Governance Framework for Cloud Computing

Cited by: 8
Authors
Rebollo, Oscar [1]
Mellado, Daniel [2]
Fernandez-Medina, Eduardo [3]
Affiliations
[1] Minist Labour & Immigrat, Social Secur IT Management, Madrid, Spain
[2] Spanish Tax Agcy, Large Taxpayers Dept, IT Auditing Unit, Madrid, Spain
[3] Univ Castilla La Mancha, Dept Informat Technol & Syst, GSyA Res Grp, E-13071 Ciudad Real, Spain
Keywords
information security governance; secure cloud governance; cloud computing; security governance framework; cloud lifecycle; INTRUSION DETECTION; SYSTEM;
DOI
10.1093/comjnl/bxu141
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Security risks to organizations' information assets are hindering the development of cloud computing services. A comprehensive security governance process is needed to foster the massive adoption of cloud services and to facilitate the deployment of a security culture within any company. In this paper, we present a framework focused on the security governance of the cloud computing environment (ISGcloud), which has been built upon standards. Its principal components are based on the ISO/IEC 38500 governance standard and on the ISO/IEC 27036 outsourcing security draft. We propose a systematic collection of activities and their related tasks which detail how security governance can be deployed during the entire cloud service lifecycle. Furthermore, the whole framework is formally modelled following the SPEM 2.0 specification that provides a standardized interface with which to automate and integrate our proposed process. The theoretical definition of our proposal is also accompanied by a practical example of its application, which provides specific details of ISGcloud framework's implementation.
Pages: 2233 / 2254
Page count: 22