A Comparative Review of Cloud Security Proposals with ISO/IEC 27002

Cited by: 0
Authors
Rebollo, Oscar [1]
Mellado, Daniel [2]
Fernandez-Medina, Eduardo [2]
Affiliations
[1] Minist Labour & Immigrat, Social Secur IT Management, Madrid, Spain
[2] Univ Castilla La Mancha, GSyA Res Grp, Dept Informat Technol & Syst, Ciudad Real, Spain
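Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract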
Information Security is considered one of the main reasons why users are reluctant to adopt the new generation of services offered by cloud computing providers. In order to minimize risks, some security proposals have been developed, with the purpose of facing a wide range of security concerns. This paper reviews these existing approaches and defines a security comparative framework, based on ISO/IEC 27002, suitable for the cloud environment. The analysis process of these alternatives shows a partial compliance with the defined requirements as each one is focused on different issues. As a consequence, more investigation is needed to achieve a comprehensive cloud security framework. The results of this paper highlight the gaps and weaknesses of each proposal, so that directions are settled for future work.
Pages: 3 / 12
Page count: 10
Related papers
50 items in total
  • [1] Modeling Dependencies of ISO/IEC 27002:2013 Security Controls
    Sengupta, Anirban
    [J]. SECURITY IN COMPUTING AND COMMUNICATIONS (SSCC 2015), 2015, 536 : 354 - 367
  • [2] The Evolution of the ISO/IEC 27001 and ISO/IEC 27002 Standards
    谢宗晓
    王静漪
    [J]. 中国质量与标准导报, 2015, (07) : 48 - 52
  • [3] A Database System for Effective Utilization of ISO/IEC 27002
    Iqbal, Ahmad
    Horie, Daisuke
    Goto, Yuichi
    Cheng, Jingde
    [J]. FCST 2009: PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON FRONTIER OF COMPUTER SCIENCE AND TECHNOLOGY, 2009, : 607 - 612
  • [4] Analysis of the Key Points of the ISO/IEC 27002:2022 Revision
    谢宗晓
    甄杰
    董坤祥
    [J]. 中国质量与标准导报, 2022, (03) : 11 - 15
  • [5] From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls
    Diamantopoulou, Vasiliki
    Tsohou, Aggeliki
    Karyda, Maria
    [J]. INFORMATION AND COMPUTER SECURITY, 2020, 28 (04) : 645 - 662
  • [6] From ISO/IEC 27002:2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance
    Diamantopoulou, Vasiliki
    Tsohou, Aggeliki
    Karyda, Maria
    [J]. COMPUTER SECURITY, ESORICS 2019, 2020, 11980 : 238 - 257
  • [7] On Scalable Security Audit for Web Application According to ISO 27002
    Bylica, Wojciech
    Ksiezopolski, Bogdan
    [J]. COMPUTER NETWORKS, 2011, 160 : 289 - 297
  • [8] Mapping information security standard ISO 27002 to an ontological structure
    Fenz, Stefan
    Plieschnegger, Stefanie
    Hobel, Heidi
    [J]. INFORMATION AND COMPUTER SECURITY, 2016, 24 (05) : 452 - 473
  • [9] THE STATUS OF INFORMATION SECURITY MANAGEMENT PERFORMANCE IN LIBRARIES OF STATE MEDICAL SCIENCES UNIVERSITIES IN TEHRAN BASED ON ISO/IEC 27002 STANDARDS
    Mohaghegh, Niloofar
    Janbozorgi, Mojgan
    Mirzaeian, Razieh
    Malekolkalami, Mila
    Hojatizades, Yahya
    [J]. INDO AMERICAN JOURNAL OF PHARMACEUTICAL SCIENCES, 2018, 5 (08) : 7540 - 7545
  • [10] An ISO/IEC 15504 Security Extension
    Lluis Mesquida, Antoni
    Mas, Antonia
    Amengual, Esperanca
    [J]. SOFTWARE PROCESS IMPROVEMENT AND CAPABILITY DETERMINATION, 2011, 155 : 64 - 72