Security in Organisations: Governance, Risks and Vulnerabilities in Moving to the Cloud

Any organisation that uses the internet to conduct business is vulnerable to security violations. Currently, security in most organisations relates to the protection of data and the management of their business information systems. Hence, security is often defined as the protection of information and of the systems and hardware that use, store and relocate that information. Governing information and the secure use of Information Technology (IT) is essential to reduce possible risks and to improve an organisation's reputation and the confidence and trust of its customers. One of the important success factors for an organisation to adopt and use the cloud effectively is information security governance (ISG). Consequently, this chapter clarifies the concept of governance and the necessity of its two factors, IT governance (ITG) and ISG.
