Abstract
Small companies need help to detect and respond to increasing security-related threats. This paper presents a cloud service that automates processes that check for such threats, implement mitigating procedures, and generally instruct client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud because it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.
Publisher
Springer Science and Business Media LLC
Subject
Computer Networks and Communications, Software
Cited by
4 articles.