The Importance of Proper Measurement for a Cloud Security Assurance Model

Defining proper measures for evaluating the effectiveness of the assurance model we have developed to ensure cloud security is vital to the successful implementation and continued running of the model. Because security is such an essential component of business processes, responsibility for it must lie with the board. The board must define its security posture on all aspects of the model, and must therefore also define what the necessary measures should be. Without measurement, there can be no control. However, it will also be necessary to engage properly with cloud service providers to achieve a more meaningful degree of security for the cloud user.
