Exploring Information Security Governance in Cloud Computing Organisation

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main component that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.

Download Full-text

Exploring Information Security Governance in Cloud Computing Organisation

Web Services ◽

10.4018/978-1-5225-7501-6.ch104 ◽

2019 ◽

pp. 2041-2059

Author(s):

Hemlata Gangwar ◽

Hema Date

Keyword(s):

Cloud Computing ◽

Information Security ◽

Technology Implementation ◽

Identity Management ◽

Education And Training ◽

End User ◽

Governance Framework ◽

Security Governance ◽

Information Security Governance ◽

And Training

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main component that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.

Download Full-text

Empirical evaluation of a cloud computing information security governance framework

Information and Software Technology ◽

10.1016/j.infsof.2014.10.003 ◽

2015 ◽

Vol 58 ◽

pp. 44-57 ◽

Cited By ~ 28

Author(s):

Oscar Rebollo ◽

Daniel Mellado ◽

Eduardo Fernández-Medina ◽

Haralambos Mouratidis

Keyword(s):

Cloud Computing ◽

Information Security ◽

Empirical Evaluation ◽

Governance Framework ◽

Security Governance ◽

Information Security Governance

Download Full-text

A Study on Enterprises Based on Information Security Education and Training to Improve Continuous Information Security Governance

Education and Awareness of Sustainability ◽

10.1142/9789811228001_0014 ◽

2020 ◽

Author(s):

Chih-Yung Chen ◽

Chen-Hua Fu ◽

Yi-Chang Hsu ◽

Chia-Yi Lu

Keyword(s):

Information Security ◽

Education And Training ◽

Security Governance ◽

Security Education ◽

Information Security Governance ◽

And Training

Download Full-text

Secure Information Assets with Data: An Information Security Governance Framework Using Orchestrated Data Analytics from a Holistic Perspective

Proceedings of the 2016 International Conference on Computer Science and Electronic Technology ◽

10.2991/cset-16.2016.43 ◽

2016 ◽

Author(s):

Huaying Chen ◽

Zhijun Song

Keyword(s):

Information Security ◽

Data Analytics ◽

Governance Framework ◽

Security Governance ◽

Holistic Perspective ◽

Secure Information ◽

Information Security Governance ◽

Information Assets

Download Full-text

Securing Cloud Computing Through IT Governance

INFORMATION TECHNOLOGY IN INDUSTRY ◽

10.17762/itii.v7i1.62 ◽

2021 ◽

Vol 7 (1) ◽

Author(s):

Salman M. Faizi, Shawon Rahman

Keyword(s):

Information Technology ◽

Cloud Computing ◽

Information Security ◽

It Governance ◽

Security Governance ◽

Business Alignment ◽

Information Security Governance ◽

Business Needs ◽

Market Needs

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.

Download Full-text

An Integrated Security Governance Framework for Effective PCI DSS Implementation

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch012 ◽

2013 ◽

pp. 177-194

Author(s):

Mathew Nicho ◽

Hussein Fakhry

Keyword(s):

Information Security ◽

Credit Cards ◽

Comprehensive Overview ◽

Technology Infrastructure ◽

Governance Framework ◽

Information Technology Infrastructure ◽

Security Governance ◽

Pci Dss ◽

Information Security Governance ◽

Security Standards

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

Download Full-text

An Information Security Governance Framework

Information Systems Management ◽

10.1080/10580530701586136 ◽

2007 ◽

Vol 24 (4) ◽

pp. 361-372 ◽

Cited By ~ 112

Author(s):

A. Da Veiga ◽

J. H. P. Eloff

Keyword(s):

Information Security ◽

Governance Framework ◽

Security Governance ◽

Information Security Governance

Download Full-text

An Integrated Security Governance Framework for Effective PCI DSS Implementation

International Journal of Information Security and Privacy ◽

10.4018/jisp.2011070104 ◽

2011 ◽

Vol 5 (3) ◽

pp. 50-67 ◽

Cited By ~ 3

Author(s):

Mathew Nicho ◽

Hussein Fakhry ◽

Charles Haiber

Keyword(s):

Information Security ◽

Credit Cards ◽

Comprehensive Overview ◽

Technology Infrastructure ◽

Governance Framework ◽

Security Governance ◽

Pci Dss ◽

Information Security Governance ◽

Security Standards ◽

And Control

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

Download Full-text

A Scoring System for Information Security Governance Framework Using Deep Learning Algorithms: A Case Study on the Banking Sector

Journal of Data and Information Quality ◽

10.1145/3418172 ◽

2021 ◽

Vol 13 (2) ◽

pp. 1-34

Author(s):

Abeer A. Al Batayneh ◽

Malik Qasaimeh ◽

Raad S. Al-Qassas

Keyword(s):

Deep Learning ◽

Information Security ◽

Banking Sector ◽

Evaluation Method ◽

Learning Algorithm ◽

Cyber Attacks ◽

Suggested Approach ◽

Governance Framework ◽

Security Governance ◽

Information Security Governance

Cybercrime reports showed an increase in the number of attacks targeting financial institutions. Indeed, banks were the target of 30% of the total number of cyber-attacks. One of the recommended methods for driving the security challenges is to implement an Information Security Governance Framework (ISGF), a comprehensive practice that starts from the top management and ends with the smallest function in a bank. Although such initiatives are effective, they typically take years to achieve and require loads of resources, especially for larger banks or if there are multiple ISGFs available for the bank to choose. These implementation challenges showed the necessity of having a method for evaluating the adequacy of an ISGF for a bank. The research performed during the preparation of this article did not reveal any available structured evaluation method for an ISGF before its implementation. This chapter introduces a novel method for scoring an ISGF to assess its adequacy for a bank without implementing it. The suggested approach is based on ISGF decomposition and transformation into a survey that will be answered by security experts. The survey results were loaded into a Deep Learning Algorithm that produced a scoring model that could predict the adequacy of an ISGF for a bank with an accuracy of 75%.

Download Full-text