Information Security Requirements of Cloud Computing Information System

Author(s):  
Haohao Song
2020 ◽  
pp. 2-13
Author(s):  
Vadim Kuchurov ◽  
Roman Maximov ◽  
Roman Sherstobitov ◽  
...  

Regulators require countering information security threats against the structural and functional characteristics of the information system in order to meet the information security requirements. These requirements cover the structure and composition of the information system, its information technologies and functioning characteristics, and the physical, logical, functional and technological interconnections between information system segments. They prescribe emulation of false information system components as a basic protection step, as well as hiding of information technologies, information system configuration management, and switching the system to a predetermined configuration that provides protection. However, these steps are not included in the basic set, and their protection aims are reached with compensating measures, by formalizing and implementing inhibitory orders, and by a set of organizational and technical measures directed at the threat source. The purpose of the research is to identify and state the main directions in the search for new technical solutions for masking the structure of distributed information systems in cyberspace using masking traffic, taking into account the requirements for the timeliness of information exchange. The research method is operations research under uncertainty, applying the theory of Markov processes and the Kolmogorov equation to the problem of increasing the efficiency of masking exchange. The result of the research is the probabilistic and temporal characteristics of the functioning of the data transmission network when technical solutions for masking information systems in cyberspace are applied. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and the control processes implemented with their help.


2014 ◽  
pp. 96-104
Author(s):  
André Höing ◽  
Guido Scherp ◽  
Stefan Gudenkauf

The need for information system integration is typical for many companies including small and medium-sized enterprises (SMEs). But especially for SMEs, the costs to run a full-fledged integration platform in-house are beyond the available IT budget. This article describes the concept of Orchestration as a Service (OaaS), a specialization of the Platform as a Service (PaaS) paradigm in the Cloud (computing) world. The goal of this paradigm is to provide a workflow-based integration platform as a (Cloud) service focusing on so-called service orchestrations. We present the BIS-Grid Engine as a core middleware for an OaaS infrastructure including a discussion about how our solution addresses security requirements that are a key issue in Cloud technologies.


2015 ◽  
Vol 6 (1) ◽  
pp. 24-46
Author(s):  
Azadeh Alebrahim ◽  
Denis Hatebur ◽  
Stephan Fassbender ◽  
Ludger Goeke ◽  
Isabelle Côté

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.


2020 ◽  
Vol 2 (2) ◽  
pp. 172-183
Author(s):  
Muhammad Agreindra Helmiawan ◽  
Irfan Fadil

The draft Management Policy and Rural Information System consists of several articles governing information security. Concerning Business Continuity Management, it states: "The information system and security work unit backs up data periodically, to safer backing up data using Cloud computing facilities." Cloud computing has advantages for file management. Private cloud storage is a form of cloud computing intended for limited use in certain circles, and one of its functions is backing up data or file management. One piece of software that can be used to implement private cloud storage is ownCloud. To carry out the Business Continuity Management article of the Rural Information Security Policy Draft and to provide data centers, a study was conducted to implement private cloud storage using ownCloud. The method used in this study is the Roadmap for Cloud Computing Adoption (ROCCA), with five stages: analysis, design, adoption, migration, and management. The result of this research is private cloud storage using ownCloud as a flexible and highly scalable medium for storing, securing, and sharing files that users can access via the internet.


Sensors ◽  
2020 ◽  
Vol 20 (5) ◽  
pp. 1310 ◽  
Author(s):  
Muhammad Imran Tariq ◽  
Shakeel Ahmed ◽  
Nisar Ahmed Memon ◽  
Shahzadi Tayyaba ◽  
Muhammad Waseem Ashraf ◽  
...  

With the advent of cloud computing and wireless sensor networks, the number of cyberattacks has rapidly increased. Therefore, the proportionate security of networks has become a challenge for organizations. Information security advisors of organizations face difficult and complex decisions in the evaluation and selection of information security controls that permit the defense of their resources and assets. Information security controls must be selected based on an appropriate level of security. However, their selection needs intensive investigation regarding vulnerabilities, risks, and threats prevailing in the organization as well as consideration of the implementation, mitigation, and budgetary constraints of the organization. The goal of this paper was to improve the information security control analysis method by proposing a formalized approach, i.e., fuzzy Analytical Hierarchy Process (AHP). This approach was used to prioritize and select the most relevant set of information security controls to satisfy the information security requirements of an organization. We argue that the prioritization of the information security controls using fuzzy AHP leads to an efficient and cost-effective assessment and evaluation of information security controls for an organization in order to select the most appropriate ones. The proposed formalized approach and prioritization processes are based on International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 27001:2013. But in practice, organizations may apply this approach to any information security baseline manual.


2017 ◽  
Vol 8 (3) ◽  
Author(s):  
Ova Nurisma Putra

Abstract. The West Java Provincial Health Office still faces difficulties in managing information, especially in medical records. Recording and reporting of malnutrition are still done in stages, starting with data collection from village midwives and puskesmas, then the Regency/City Health Office, then the Provincial Health Office, and forwarded to the central office. It is necessary to manage information through a service system that uses Cloud Computing-based information technology. This research uses The Open Group Architecture Framework (TOGAF) approach in the Architecture Development Method (ADM), from Architecture Capability Iteration to Architecture Development Iteration. Monitoring and Evaluation (M&E) are two integrated activities in the context of controlling a program. The result of this research is a plan for a Cloud Computing-based medical record and malnutrition monitoring information system architecture named M2Rec (Medical Record and Monitoring), in the form of recommendations for integration and development between the current information system and the proposed information system architecture.

Keywords: togaf adm, medical record and monitoring, cloud computing

Abstract (translated from Indonesian). Architecture Planning for a Cloud Computing-Based Medical Record and Malnutrition Monitoring Information System. The West Java Provincial Health Office still has difficulty managing information well, especially in the medical record process; recording and reporting of malnutrition are still done in tiers, starting with data collection from village midwives and puskesmas, then the Regency/City Health Office, then the Provincial Health Office, and forwarded to the central office. Information management therefore needs to be pursued through a service system that uses Cloud Computing-based information technology. This research uses The Open Group Architecture Framework (TOGAF) Architecture Development Method (ADM) approach, namely the first iteration in Architecture Capability Iteration and the second iteration in Architecture Development Iteration. Monitoring and Evaluation (M&E) are two integrated activities for controlling a program. The result of this research is an architecture plan for a Cloud Computing-based medical record and malnutrition monitoring information system named M2Rec (Medical Record and Monitoring), in the form of recommendations for integration and development between the current information system and the proposed information system architecture.

Keywords: togaf adm, medical record and monitoring, cloud computing.


Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

This article considers research on protecting an information system by analyzing risks in order to identify threats to information security. Information risk analysis is conducted periodically to identify information security threats and to test the information security system. Various information risk analysis techniques currently exist and are in use, the main difference between them being whether the risk assessment scale is quantitative or qualitative. On the basis of the existing methods of testing and evaluating the vulnerabilities of the automated system, their advantages and disadvantages, and with a view to further comparison of the resources spent and the security of the information system, a conclusion was made regarding the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the iRisk methodology was identified as optimal for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. The generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability (vulnerability assessment), Threat (threat assessment) and Control (assessment of security measures). The methodology includes the common CVSS vulnerability assessment system, which makes it possible to use constantly relevant coefficients for calculating vulnerabilities and provides a list of all major vulnerabilities associated with the modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered, and the resistance of the built network to specific threats is calculated by the iRisk method.

