Agile Business Growth and Cyber Risk:

Cloud computing and the Internet of Things (IoT) have transformed businesses, enabling agile and cost-effective IT infrastructure. Both create new opportunities for entrepreneurial businesses and disruptive business models enabling growth. The challenge is that these new opportunities create a co-mingled architecture that is difficult to secure. The complexity of this architecture is magnified with the IoT. Based on interviews with executive leadership teams and boards of directors facing these new environments, we developed the over-arching research question: How do we secure increasingly dynamic architecture in an environment while supporting and creating agile business growth? We then narrowed this down to more specific questions addressed in this study. The research involved an in-depth exploration of this problem using a survey instrument and multiple qualitative methods involving business leaders from 59 companies between 2017 and 2018. Based on this analysis, we developed an information security framework for executives in this new environment that builds on previous work. This framework is called the Extended Risk-Based Approach and provides businesses with an approach for securing an enterprise amidst the IoT and agile architecture. Importantly, the data analyzed suggests that this approach is critically needed to address the rapidly growing complexity of enterprise architecture and the digital world in which we live and work.
