Fuzzy Modeling for Information Security Management Issues in Cloud Computing

The purpose of this study was to collect key success factors (KSFs) that determine information security management in cloud computing. Through contemporary literature reviews, we emphasized four major aspects: the external dimension, the internal dimension, the technology dimension, and the execution dimension. We used these dimensions to develop a questionnaire for collecting the responses from experts, and then used the fuzzy analytic hierarchy process (Fuzzy AHP) to categorize and analyze these responses. The investigations concluded the six major KFSs: authentication, disclosure prevention, encryption, service model, interface, and customer. Different from previous perceptions, information security management in cloud computing emphasizes factors that are more market-oriented. In addition, we explored several important KSFs, such as service model, interface, and customer criteria. These KSFs differed from the factors commonly regarded in the internet age.

[1]  John C. Grundy,et al.  An Analysis of the Cloud Computing Security Problem , 2016, APSEC 2010.

[2]  Joobin Choobineh,et al.  Enterprise information security strategies , 2008, Comput. Secur..

[3]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[4]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[5]  F. Shimba,et al.  Cloud Computing: Strategies for Cloud Computing Adoption , 2010 .

[6]  Liang Yan,et al.  Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography , 2009, CloudCom.

[7]  Subhas C. Misra,et al.  Identification of a company's suitability for the adoption of cloud computing and modelling its corresponding Return on Investment , 2011, Math. Comput. Model..

[8]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[9]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[10]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[11]  Quey-Jen Yeh,et al.  On security preparations against possible IS threats across industries , 2006, Inf. Manag. Comput. Secur..

[12]  Chinyao Low,et al.  Understanding the determinants of cloud computing adoption , 2011, Ind. Manag. Data Syst..

[13]  T. Grance,et al.  SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing , 2011 .

[14]  Lorenzo Cotino Hueso Security, privacy and data protection I , 2013 .

[15]  Chun-Jung Chen,et al.  Information security issue of enterprises adopting the application of cloud computing , 2010, The 6th International Conference on Networked Computing and Advanced Information Management.

[16]  Prashant Pandey,et al.  Cloud computing , 2010, ICWET.

[17]  Zhixiong Chen,et al.  IT Auditing to Assure a Secure Cloud Computing , 2010, 2010 6th World Congress on Services.

[18]  Roger Dickinson,et al.  Critical success factors for directors in the eighties , 1982 .

[19]  Charles Chowa,et al.  Information System Success: Individual and Organizational Determinants , 2006, Manag. Sci..

[20]  Sebastiaan H. von Solms,et al.  Information Security Management: An Approach to Combine Process Certification And Product Evaluation , 2000, Comput. Secur..

[21]  Javier Santos,et al.  Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness , 2006, ISC.

[22]  Varun Grover,et al.  The Effect of Service Quality and Partnership on the Outsourcing of Information Systems Functions , 1996, J. Manag. Inf. Syst..

[23]  Varun Grover,et al.  Types of Information Technology Capabilities and Their Role in Competitive Advantage: An Empirical Study , 2005, J. Manag. Inf. Syst..

[24]  W. Pedrycz,et al.  A fuzzy extension of Saaty's priority theory , 1983 .

[25]  Ying Wang,et al.  Selecting a cruise port of call location using the fuzzy-AHP method: A case study in East Asia , 2014 .

[26]  Mark Ryan,et al.  Cloud computing privacy concerns on our doorstep , 2011, Commun. ACM.

[27]  J. Buckley,et al.  Fuzzy hierarchical analysis , 1999, FUZZ-IEEE'99. 1999 IEEE International Fuzzy Systems. Conference Proceedings (Cat. No.99CH36315).

[28]  Denis Trèek,et al.  An integral framework for information systems security management , 2003, Comput. Secur..

[29]  M. Porter,et al.  How Information Gives You Competitive Advantage , 1985 .

[30]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[31]  David L. Carter,et al.  Computer crime and security: The perceptions and experiences of corporate security directors , 1996 .

[32]  Hongwei Li,et al.  RESEARCH ON GEOGRAPHICAL ENVIRONMENT UNIT DIVISION BASED ON THE METHOD OF NATURAL BREAKS (JENKS) , 2013 .

[33]  Bhawna Taneja,et al.  Software Engineering Issues from the Cloud Application Perspective , 2010 .

[34]  S. K. Dubey,et al.  Security and Privacy in Cloud Computing: A Survey , 2013 .

[35]  Lawrence A. Gordon,et al.  Budgeting process for information security expenditures , 2006, CACM.

[36]  Gary Garrison,et al.  Success factors for deploying cloud computing , 2012, CACM.

[37]  Daniele Catteddu and Giles Hogben Cloud Computing. Benefits, risks and recommendations for information security , 2009 .

[38]  Kenneth L. Kraemer,et al.  Review: Information Technology and Organizational Performance: An Integrative Model of IT Business Value , 2004, MIS Q..

[39]  Nabil Sultan,et al.  loud computing for education : A new dawn ? , 2009 .

[40]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[41]  Michael Hall,et al.  Security and Control in the Cloud , 2010, Inf. Secur. J. A Glob. Perspect..

[42]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[43]  Robert D Austin,et al.  The myth of secure computing. , 2003, Harvard business review.

[44]  S Ramgovind,et al.  The management of security in Cloud computing , 2010, 2010 Information Security for South Africa.

[45]  Hakan Erdogmus,et al.  Cloud Computing: Does Nirvana Hide behind the Nebula? , 2009, IEEE Softw..

[46]  Yanpei Chen,et al.  What's New About Cloud Computing Security? , 2010 .

[47]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[48]  Armando Calabrese,et al.  Using Fuzzy AHP to manage Intellectual Capital assets: An application to the ICT service industry , 2013, Expert Syst. Appl..