Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether it can be applied to other cloud security approaches, starting with the concept of using proper measurement for a cloud security assurance model. We demonstrate how this approach can be applied not only to the approach under review, but also to other cloud security requirements.
