Authors:
Michael Diener
1
and
Thomas Bolz
2
Affiliations:
1
University of Regensburg, Regensburg, Germany
;
2
IU International University of Applied Sciences, Erfurt, Germany
Keyword(s):
Cloud Computing, Public Administration, Information Security Management, Security Audits.
Abstract:
Digitization is on the rise in Europe’s public administrations. Since the Covid-19 pandemic began, public cloud services have become essential in this domain. However, there are still security concerns about the usage of external cloud resources in business processes of public authorities, although numerous technical concepts for improving security are already available. In this paper, we focus on internal processes of information security management systems (ISMS) in public administrations. We identified potential challenges such as a lack of knowledge about cloud security and unclear roles and responsibilities when using ISMS tools in this application domain. As a possible solution, we present a tool-based approach that is based on an easyto-use online questionnaire, which can be automatically evaluated based on predefined sentiments. With this approach, we can provide the required visibility into the status quo of public cloud security while integrating various stakeholders within
public administrations into a holistic ISMS process.
(More)