Abstract
A growing number of individual users and businesses are seriously considering cloud adoption to achieve their mission objectives. However, the concerns being raised include whether users can ascertain that the security posture of a cloud service provider is adequate to safeguard their data and applications. We present a cloud security audit framework built on a set of concepts, such as goals, constraints, plans and evidence, that enable prospective cloud users to identify their migration goals and to introduce constraints that a potential cloud provider must satisfy before migration. These concepts are treated as a language, defined through a metamodel, for describing the properties necessary for cloud security audit. An example is given to demonstrate the applicability of the approach.
Acknowledgement
This work was partly supported by the Austrian Science Fund (FWF) project no. P26289-N23.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Ismail, U.M., Islam, S., Mouratidis, H. (2015). A Framework for Cloud Security Audit. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_27
DOI: https://doi.org/10.1007/978-3-319-23276-8_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23275-1
Online ISBN: 978-3-319-23276-8
eBook Packages: Computer Science, Computer Science (R0)