Empirical Evaluation of a Cloud Computing Information Security Governance
Framework
Volume 58, February 2015, Pages 44–57
Oscar Rebollo, Daniel Mellado, Eduardo Fernández-Medina, Haralambos
Mouratidis
Abstract
Context: Cloud computing is a thriving paradigm that supports an efficient way to provide IT services
by introducing on-demand services and flexible computing resources. However, significant adoption
of cloud services is being hindered by security issues that are inherent to this new paradigm. In
previous work, we have proposed ISGcloud, a security governance framework to tackle cloud security
matters in a comprehensive manner whilst being aligned with an enterprise’s strategy.
Objective: Although a significant body of literature has started to build up related to security aspects
of cloud computing, the literature fails to report on evidence and real applications of security
governance frameworks designed for cloud computing environments. This paper introduces a detailed
application of ISGcloud to a real-life case study of a Spanish public organisation, which utilizes a
cloud storage service in a critical security deployment.
Method: The empirical evaluation has followed a formal process, which includes the definition of
research questions prior to the framework’s application. We describe the ISGcloud process and
attempt to answer these questions by gathering results through direct observation and from interviews
with related personnel.
Results: The novelty of the paper is twofold: on the one hand, it presents one of the first applications,
in the literature, of a cloud security governance framework to a real-life case study along with an
empirical evaluation of the framework that proves its validity; on the other hand, it demonstrates the
usefulness of the framework and its impact on the organisation.
Conclusion: As discussed in the paper, the application of ISGcloud has resulted in the organisation
in question achieving its security governance objectives, minimizing the security risks of its storage
service and increasing security awareness among its users.
Keywords: information security governance, case study, cloud computing, security governance
framework, cloud lifecycle