Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing

Muhammad Imran Tariq, Vito Santarcangelo

Abstract

Cloud computing provides scalable, highly available and low-cost services over the Internet. The advent of newer technologies introduces new risks and threats as well. Although the cloud has a very advanced structure and an expanding range of services, security and privacy concerns have been creating obstacles for enterprises wishing to shift entirely to the cloud. Therefore, both service providers and clients should build an information security system and a trust relationship with each other. In this research paper, we analysed the most widely used international and industry standard for information security (ISO/IEC 27001:2013) to determine its effectiveness for cloud organizations, the importance factor of each control for on-premises, IaaS, PaaS and SaaS deployments, and to identify the most suitable controls for the development of SLA-based information security metrics for each cloud service model. We evaluated the standard's control objectives generically, without considering the cloud organization's size, nature of work or enterprise size. To assess the effectiveness and relevance to cloud computing of the standard's control objectives, and their factor for in-house versus public cloud deployment, we defined a quantitative metric. We conclude that ISO/IEC 27001:2013 compliance improves the information security systems of both service providers and customers and builds a trust relationship, but does not fulfil all requirements or cover all relevant issues.


Paper Citation


in Harvard Style

Tariq M. and Santarcangelo V. (2016). Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 201-208. DOI: 10.5220/0005648702010208


in Bibtex Style

@conference{icissp16,
author={Muhammad Imran Tariq and Vito Santarcangelo},
title={Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={201-208},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005648702010208},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing
SN - 978-989-758-167-0
AU - Tariq M.
AU - Santarcangelo V.
PY - 2016
SP - 201
EP - 208
DO - 10.5220/0005648702010208