- Full text PDF available (1)
Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each… (More)
Managing information security in the cloud is a challenge. Traditional checklist approaches to standards compliance may well provide compliance, but do not guarantee to provide security assurance. The complexity of cloud relationships must be acknowledged and explicitly managed by recognising the implications of self-interest of each party involved. We… (More)
All Cloud computing standards are dependent upon checklist methodology to implement and then audit the alignment of a company or an operation with the standards that have been set. An investigation of the use of checklists in other academic areas has shown there to be significant weaknesses in the checklist solution to both implementation and audit, these… (More)
Defining proper measures for evaluating the effectiveness of an assurance model, which we have developed to ensure cloud security, is vital to ensure the successful implementation and continued running of the model. We need to understand that with security being such an essential component of business processes, responsibility must lie with the board. The… (More)
Since the inception of cloud computing, security researchers have been active in addressing the question of cloud information security, which has seen the development of a wide range of technical solutions. The same can be said for non-cloud information security research which has been active for a far longer period of time. Yet, year on year, security… (More)
These notes describe a contribution to the 2011 GIVE Challenge from the University of Aberdeen. Our contribution focuses on an attempt to increase the extent to which participants felt engaged in the direction giving/following game on which the GIVE challenge focuses.
Achieving cloud security is not a trivial problem and developing and enforcing good cloud security controls is a fundamental requirement if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable… (More)