• DocumentCode
    565077
  • Title

    A new methodology for security evaluation in cloud computing

  • Author

    Ristov, Sasko ; Gusev, Marjan ; Kostoska, Magdalena

  • Author_Institution
    Fac. of Inf. Sci. & Comput. Eng., Ss. Cyril & Methodius Univ., Skopje, Macedonia
  • fYear
    2012
  • fDate
    21-25 May 2012
  • Firstpage
    1484
  • Lastpage
    1489
  • Abstract
    Cloud service providers (CSPs) and cloud customers (CCs) are exposed not only to existing security risks but also to new risks introduced by clouds, like multi-tenancy, virtualization and data outsourcing. Several international and industrial standards target information security and their conformity with cloud computing security challenges. We give an overview of these standards and evaluate their completeness. As a result, we propose a new extension to the ISO 27001:2005 standard, including a new control objective about virtualization applicable to cloud systems. We also define a new quantitative metric and evaluate the importance of existing ISO 27001:2005 control objectives if customer services are hosted on-premise or in the cloud. Our conclusion is that obtaining the ISO 27001:2005 certificate is not enough for CSP and CC information security systems, especially given the business continuity detriment that cloud computing produces, and we propose new solutions that mitigate the risks.
  • Keywords
    business continuity; cloud computing; outsourcing; risk analysis; security of data; virtualisation; ISO 27001:2005 certificate; ISO 27001:2005 control objectives; ISO 27001:2005 standard; business continuity detriment; cloud computing; cloud customers; cloud service providers; data outsourcing; industrial standards; information security; international standards; multitenancy; security evaluation; security risks; virtualization; Cloud computing; Companies; ISO standards; Information security; NIST; Information Security Management; Security Assessment; Security Standards; Virtualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    MIPRO, 2012 Proceedings of the 35th International Convention
  • Conference_Location
    Opatija
  • Print_ISBN
    978-1-4673-2577-6
  • Type

    conf

  • Filename
    6240887