Tackling the Loss of Control: Standards-Based Conjoint Management of Security Requirements for Cloud Services

4 Author(s)
Muller, I. ; Fac. of Inf. & Commun. Technol., Swinburne Univ. of Technol., Hawthorn, VIC, Australia ; Han, J. ; Schneider, J.-G. ; Versteeg, S.

The loss of control over information assets is a major security and privacy concern in the Cloud. Service consumers typically have no insight into which controls protect their information assets and how effectively. To tackle this challenge, we propose an approach where service providers and consumers conjointly manage security requirements for a Cloud service following the ISO 27001 standard for information security management. We have developed a security management platform that provides tool support for service providers and consumers (i) to specify and consolidate security requirements and (ii) to collect, measure, analyse and report information about the effectiveness of implemented controls. By involving service consumers in management activities following an international standard, our approach helps service providers to increase transparency and traceability of their security measures, whereas service consumers gain much-needed insights into the protection of their information assets. The applicability of our approach is demonstrated with an example scenario.

Published in:

Cloud Computing (CLOUD), 2011 IEEE International Conference on

Date of Conference:

4-9 July 2011