Subject: Information Security Management, Security Assessment, Security Standards, Virtualization
Year: 2012
Type: Proceedings
Title: A new methodology for security evaluation in cloud computing
Author: Kostoska, Magdalena
Author: Gushev, Marjan
Author: Ristov, Sashko
Abstract: Cloud service providers (CSPs) and cloud customers (CCs) are not only exposed to existing security risks but to new risks introduced by clouds, like multi-tenancy, virtualization and data outsourcing. Several international and industrial standards target information security and their conformity with cloud computing security challenges. We give an overview of these standards and evaluate their completeness. As a result we propose a new extension to the ISO 27001:2005 standard including a new control objective about virtualization applicable for cloud systems. We also define a new quantitative metric and evaluate the importance of existing ISO 27001:2005 control objectives if customer services are hosted on-premise or in cloud. Our conclusion is that obtaining the ISO 27001:2005 certificate is not enough for CSP and CC information security systems, especially in business continuity detriment that cloud computing produces and propose new solutions that mitigate the risks.
Publisher: IEEE
Relation: 2012 Proceedings of the 35th International Convention MIPRO
Identifier: oai:repository.ukim.mk:20.500.12188/20591
Identifier: http://hdl.handle.net/20.500.12188/20591