Audit Mechanism in Information Security Management System of Cloud


(*) Corresponding author


Authors' affiliations


DOI's assignment:
the author of the article can submit here a request for assignment of a DOI number to this resource!
Cost of the service: euros 10,00 (for a DOI)

Abstract


Cloud computing development has facing an enormous challenge of security issues. Among these, an endpoint security breach in server connection will cause users to lack confidence in the progress of cloud computing. For the issue, we have proposed a PIP mechanism based on an information security management system, network security threats model and PDCA cycle theory to overcome this drawback.  The case study is also provided for preliminary protection of data centers and endpoint host side’s breach in the framework of cloud computing. The contribution aims at the AaaS system can provide preliminary prevention of data centers and endpoint host side’s breach in the framework of cloud computing. Our prevention mechanism, offered from the proactive side of end point machine, not only prevents social engineering attacks but also helps to resolve threats and vulnerabilities.
Copyright © 2017 Praise Worthy Prize - All rights reserved.

Keywords


Cloud Computing; Information Security Management System; Vulnerability

Full Text:

PDF


References


R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg, I. Brandic, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems, vol. 25, n. 6, 2009, pp. 599-616.
https://doi.org/10.1016/j.future.2008.12.001

J. Shiers, Grid today, clouds on the horizon, Computer Physics Communications, vol. 180, n. 4, 2009, pp. 559-563.
https://doi.org/10.1016/j.cpc.2008.11.027

A. Rosenthal, P. Mork, M.H. Li, J. Stanford, D. Koester, P. Reynolds, Cloud computing: A new business paradigm for biomedical information sharing, Journal of Biomedical Informatics, vol. 43, n. 2, 2010, pp. 342-353.
https://doi.org/10.1016/j.jbi.2009.08.014

V. Chang, Y.-H. Kuo, M. Ramachandran, Cloud computing adoption framework: A security framework for business clouds, Future Generation Computer Systems, vol. 57, 2016, pp. 24-41.
https://doi.org/10.1016/j.future.2015.09.031

J. Yu, X. Xiao, Y. Zhang, From concept to implementation: The development of the emerging cloud computing industry in China, Telecommunications Policy, vol. 40 n. 2–3, 2016, pp. 130-146.
https://doi.org/10.1016/j.telpol.2015.09.009

M. Jensen, J. Schwenk, N. Gruschka, L.L. Iacono, On technical security issues in cloud computing, IEEE International Conference on Cloud Computing, September 21-25, 2009, Bangalore, India.
https://doi.org/10.1109/cloud.2009.60

S. Subashini, V. Kavitha, A survey on security issues in service delivery models of cloud computing, Journal of Network and Computer Applications, vol. 34, n. 1, 2011, pp. 1-11.
https://doi.org/10.1016/j.jnca.2010.07.006

M.A. Khan, A survey of security issues for cloud computing, Journal of Network and Computer Applications, vol. 71, 2016, pp. 11-29.

M. Howard, D, LeBlanc, Writing secure code, 2nd ed. (Microsoft Press, 2003).

S. Singh, Y.-S. Jeong, J. H. Park, A survey on cloud computing security: Issues, threats, and solutions, Journal of Network and Computer Applications, vol. 75, 2016, pp. 200-222.
https://doi.org/10.1016/j.jnca.2016.09.002

S. Northcutt, L. Zeltser, S. Winters, K. Kent, R.W. Ritchey, Inside Network Perimeter Security, 2nd Edition (Sams Publishing, 2005).

R. Shaikh, M. Sasikumar, Trust Model for Measuring Security Strength of Cloud Computing Service, Procedia Computer Science, vol. 45, 2015, pp. 380-389.
https://doi.org/10.1016/j.procs.2015.03.165

J. Backhouse, L. Silva, W.Y. Hsu, Circuits of Power in Creating De Jure Standards: Shaping the International IS Security Standard, Management of Information Systems Quarterly, vol. 30 Special Issue, 2006, pp. 413-438.
https://doi.org/10.2307/25148767

C. A. Sennewald, C. Baillie, 21 - International Security Standards1, Effective Security Management, 6 (Butterworth-Heinemann, 2016, 205-212).

ISO/IEC 27001: Available at: http://www.iso.org/iso/iso_catal ogue/catalogue_tc/ catalogue_detail.htm?csnumber=42103.
https://doi.org/10.3403/30310928

K. Keahey, I. Foster, T. Freeman, X. Zhang, Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid, Scientific Programming, vol. 13 n. 4, 2005, pp. 265-276.
https://doi.org/10.1155/2005/351408

B.H. Krishna, S. Kiran, G. Murali, R.P.K. Reddy, Security Issues in Service Model of Cloud Computing Environment, Procedia Computer Science, vol. 87, 2016, pp. 246-251.
https://doi.org/10.1016/j.procs.2016.05.156

A. Joint, E. Baker, E. Eccles, Hey, you, get off of that cloud?, Computer Law & Security Review, vol. 25 n. 3, 2009, pp. 270-274.
https://doi.org/10.1016/j.clsr.2009.03.001

Amazon Elastic Compute Cloud (EC2), Available at: http://www.amazon.com/gp/browse.html?node=201590011.

Windows Azure, Available at: http://www.microsoft.com/window sazure/.

N. Sultan, Cloud computing for education: A new dawn?, International Journal of Information Management, vol. 30 n. 2, 2010, pp. 109-116.
https://doi.org/10.1016/j.ijinfomgt.2009.09.004

I. Kouatli, “Managing Cloud Computing Environment: Gaining Customer Trust with Security and Ethical Management,” Procedia Computer Science, vol. 91, pp. 412-421, 2016.
https://doi.org/10.1016/j.procs.2016.07.110

N. Stinchcombe, Cloud computing in the spotlight, Infosecurity Today, vol. 6 n. 6, 2009, pp. 30-33.

S. Mansfield-Devine, Danger in the clouds, Network Security, vol. 2008, n. 12, 2008, pp. 9-11.
https://doi.org/10.1016/s1353-4858(08)70140-5

A.R. Brodtkorb, C. Dyken, T.R. Hagen, J.M. Hjelmervik, O.O. Storaasli, State-of-the-art in heterogeneous computing, Sci. Program., vol. 18, n. 1, 2010, pp. 1-33.
https://doi.org/10.1155/2010/540159

O. Rebollo, D. Mellado, E. Fernández-Medina, and H. Mouratidis, Empirical evaluation of a cloud computing information security governance framework, Information and Software Technology, vol. 58, 2015, pp. 44-57.
https://doi.org/10.1016/j.infsof.2014.10.003


Refbacks

  • There are currently no refbacks.



Please send any question about this web site to info@praiseworthyprize.com
Copyright © 2005-2023 Praise Worthy Prize