Title :
Integrating Security Risk Management into Business Process Management for the Cloud
Author :
Goettelmann, Elio ; Mayer, Nicolas ; Godart, Claude
Author_Institution :
LORIA - INRIA Grand Est, Univ. de Lorraine, Vandoeuvre-lès-Nancy, France
Abstract :
Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effectively treat security issues at the early phases of the Information System construction. We focus on cloud brokers, emerging actors of the cloud delivery model, who enhance and aggregate existing cloud services to match them with their cloud consumers´ requirements. Our main goal is to provide them with tools and techniques to increase the global security level of an IS through different risk treatment strategies.
Keywords :
business data processing; cloud computing; globalisation; information systems; risk management; security of data; business process management; cloud brokers; cloud computing; cloud consumer requirements; cloud delivery model; cloud services; global security; information system construction; risk treatment strategies; security risk management; sensitive information handling; Cloud computing; Companies; Context; Information systems; Risk management; Security; Business Process Management; Cloud Computing; Security Risk Management;
Conference_Titel :
Business Informatics (CBI), 2014 IEEE 16th Conference on
Conference_Location :
Geneva
DOI :
10.1109/CBI.2014.29
