Abstract
In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with the concept of using proper measurement for a cloud security assurance model. We demonstrate how this approach can be applied, not only to the approach under review, but also to address other cloud security requirements.
Acknowledgements
The research in this paper has partly been supported by the European Commission (A4Cloud project, grant no. 317550).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Duncan, B., Whittington, M., Jaatun, M.G., Zúñiga, A.R.R. (2017). Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science, vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_2
DOI: https://doi.org/10.1007/978-3-319-54380-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54379-6
Online ISBN: 978-3-319-54380-2
eBook Packages: Computer Science, Computer Science (R0)