A Comparative Review of Cloud Security Proposals with ISO/IEC 27002

被引：0

作者：

Rebollo, Oscar ^{[1
]}

Mellado, Daniel ^{[2
]}

Fernandez-Medina, Eduardo ^{[2
]}

机构：

[1] Minist Labour & Immigrat, Social Secur IT Management, Madrid, Spain

[2] Univ Castilla La Mancha, GSyA Res Grp, Dept Informat Technol & Syst, Ciudad Real, Spain

来源：

WOSIS 2011: SECURITY IN INFORMATION SYSTEMS | 2011年

关键词：

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Information Security is considered one of the main reasons why users are reluctant to adopt the new generation of services offered by cloud computing providers. In order to minimize risks, some security proposals have been developed, with the purpose of facing a wide range of security concerns. This paper reviews these existing approaches and defines a security comparative framework, based on ISO/IEC 27002, suitable for the cloud environment. The analysis process of these alternatives shows a partial compliance with the defined requirements as each one is focused on different issues. As a consequence, more investigation is needed to achieve a comprehensive cloud security framework. The results of this paper highlight the gaps and weaknesses of each proposal, so that directions are settled for future work.

引用

页码：3 / 12

页数：10

共 50 条

[31] Toward an Effective Information Security Risk Management of Universities' Information Systems Using Multi Agent Systems, Itil, Iso 27002, Iso 27005
Faris, S.
Medromi, H.
El Hasnaoui, S.
Iguer, H.
Sayouti, A.
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2014, 5 (06) : 114 - 118
[32] Supporting Verification and Validation of Security Targets with ISO/IEC 15408
Bao, Da
Miura, Junichi
Zhang, Ning
Goto, Yuichi
Cheng, Jingde
[J]. PROCEEDINGS 2013 INTERNATIONAL CONFERENCE ON MECHATRONIC SCIENCES, ELECTRIC ENGINEERING AND COMPUTER (MEC), 2013, : 2621 - 2628
[33] Analysis of ISO/IEC 17799:2000 to be used in Security Metrics
Villarrubia, C
Fernández-Medina, E
Piattini, M
[J]. SAM '04: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, 2004, : 109 - 117
[34] Advanced Security Assurance Case Based on ISO/IEC 15408
Potii, Oleksandr
Illiashenko, Oleg
Komin, Dmitry
[J]. THEORY AND ENGINEERING OF COMPLEX SYSTEMS AND DEPENDABILITY, 2015, 365 : 391 - 401
[35] GEST: A Generator of ISO/IEC 15408 Security Target Templates
Horie, Daisuke
Yajima, Kenichi
Azimah, Noor
Goto, Yuichi
Cheng, Jingde
[J]. COMPUTER AND INFORMATION SCIENCE 2009, 2009, 208 : 149 - 158
[36] Security of Zero Trust Networks in Cloud Computing: A Comparative Review
Sarkar, Sirshak
Choudhary, Gaurav
Shandilya, Shishir Kumar
Hussain, Azath
Kim, Hwankuk
[J]. SUSTAINABILITY, 2022, 14 (18)
[37] Development site security process of ISO/IEC TR 15504
Lee, ES
Kim, TH
[J]. KNOWLEDGE-BASED INTELLIGENT INFORMATION AND ENGINEERING SYSTEMS, PT 3, PROCEEDINGS, 2004, 3215 : 60 - 66
[38] A security requirement management database based on ISO/IEC 15408
Morimoto, S
Horie, D
Cheng, JD
[J]. COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2006, PT 3, 2006, 3982 : 1 - 10
[39] Information Security Risk Management: Handbook for ISO/IEC 27001
Lomas, Elizabeth
[J]. RECORDS MANAGEMENT JOURNAL, 2011, 21 (03) : 239 - +
[40] A review of proposals for amendments to the ISO 230 Standards
Chiles, V
Blackshaw, DMS
[J]. LASER METROLOGY AND MACHINE PERFORMANCE V, 2001, : 233 - 244

← 1 2 3 4 5 →