Title :
An applied methodology for information security and assurance: A study case for cloud computing
Author :
Villalon-Fonseca, Ricardo ; Solano-Rojas, Braulio J. ; Marin-Raventos, Gabriela
Author_Institution :
OTIC - ECCI, Univ. de Costa Rica, San Jose, Costa Rica
Abstract :
Information security is one of the main concerns in many fields of computer and information technologies, and even more on new emerging technologies such as cloud computing. Current security standards and models usually focus on "what" has to be done about security, but they do not propose "how" to deal with the inherent complexity of assuring modern infrastructures. Security standards usually produce large check lists describing security countermeasures, but they lack a comprehensive and complete process to define the security requirements of information being managed. As a consequence, security implementations may miss important security controls, and they cannot guarantee a consistent and in-depth security implementation at the different layers of the system. We propose a methodology with a novel hierarchical approach to guide a comprehensive and complete assurance process. Real use cases are shown, by applying our methodology to assure a private cloud being developed at the Universidad de Costa Rica (UCR).
Keywords :
cloud computing; security of data; UCR; Universidad de Costa Rica; assurance process; cloud computing; computer technologies; hierarchical approach; information assurance; information security; information technologies; private cloud; security controls; security countermeasures; security requirements; security standards; Cloud computing; Computational modeling; Hardware; Information security; Servers; Standards; Cloud Computing; Information Assurance; Methodology; Requirement Analysis; Security;
Conference_Titel :
Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2014.7038851
