IT Security Risk Management Model for Cloud Computing

2013, Vol 4 (4), pp. 1-19
Author(s): Gunnar Wahlgren, Stewart Kowalski

The authors combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework. With this combined framework the authors create a new approach to IT Security Risk Management where IT Security Risk Management is placed at the strategic, tactical and operational levels of an organization. In this paper the authors concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. The authors present a first draft of an IT Security Risk Escalation Capability Maturity Model based on ISACA's Risk IT Framework. Finally the authors apply the approach to a typical cloud computing environment as a first step to evaluate this new approach.

2007, Vol 44 (1), pp. 1-16
Author(s): Wei T. Yue, Metin Çakanyıldırım, Young U. Ryu, Dengpan Liu

Author(s): Mouna Jouini, Latifa Ben Arfa Rabai

Cloud computing is a growing technology used by several organizations because it presents a cost-effective policy to manage and control Information Technology (IT). It delivers computing services as a public utility rather than a personal one. However, despite these benefits, it presents many challenges including access control and security problems. In order to assess security risks, the paper gives an overview of security risk management metrics. Then, it illustrates the use of a cyber security measure to describe an economic security model for cloud computing systems. Moreover, it proposes a cloud provider business model for security issues. Finally, the paper shows a solution related to the vulnerabilities in cloud systems using a new quantitative metric to reduce the probability that an architectural component fails. The main aim of this article is to quantify security threats in cloud computing environments due to security breaches using a new security metric.


Author(s): Gunnar Wahlgren, Stewart James Kowalski

Managing IT-related security incidents is an important issue facing many organizations in Sweden and around the world. To deal with this growing problem, the authors have used a design science approach to develop an artifact to measure different organizations' capabilities and maturity to handle IT-related security incidents. In this chapter, an escalation maturity model (artifact) is presented, which has been tested on several different Swedish organizations. The participating organizations come from both the private and public sectors, and all organizations handle critical infrastructure, which can be damaged if an IT-related security incident occurs. Organizations had the opportunity to evaluate the actual model itself and also to test the model by calculating the organization's escalation capability using a query package for self-assessment.

