Developing a Conceptual Framework for Cloud Security Assurance

Managing information security in the cloud is a challenge. Traditional checklist approaches to standards compliance may well deliver compliance, but they do not guarantee security assurance. The complexity of cloud relationships must be acknowledged and explicitly managed by recognising the implications of each party's self-interest. We begin development of a conceptual modelling framework for cloud security assurance that can be used as a starting point for effective continuous security assurance, together with a high level of compliance.
