Information Security Management Issues in a Cloud-based environment

There is a critical need to assure users that information stored in the cloud is more secure and accessible. This is in addition to showing them that cloud computing environments provide methods for establishing and maintaining the integrity of information as well as its availability and processing. Although there are many advantages to deploying services in the cloud, there are numerous information security issues associated with it, since it encompasses many technologies including networks, databases, operating systems, and people. The major objective of this study was to identify these issues and to develop an information security management framework for cloud-based environments. From related literature, relevant issues were identified using textual analysis and grouped into six categories: organizational, environmental, contingency management, security policy, internal control, and information and risk management. These issues were validated in a framework using the analytical hierarchical process (AHP) method. Results of the study indicated that environmental issues play a critical role in information security management compared to other issues, whereas the information and risk management issues were found not to be so significant. This study contributes to the information security management body of knowledge by providing a single empirically validated framework that can be used theoretically to extend research in the domain of this study and practically by management when making decisions relating to security management in cloud computing.
