How to Manage Cloud Risks Based on the BMIS Model

  title={How to Manage Cloud Risks Based on the BMIS Model},
  author={Youjin Song and Yasheng Pang},
  journal={J. Inf. Process. Syst.},
Abstract —Information always comes with security and risk problems. There is the saying that, “The tall tree catches much wind,” and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through… 
A Generic Software Development Process Refined from Best Practices for Cloud Computing
This study analyzes actual cases of SaaS cloud computing environment adoption as a way to derive four new best practices for software development and incorporates the identifiedbest practices for currently-in-use processes.
A Secure Storage System for Sensitive Data Protection Based on Mobile Virtualization
The experiments are conducted to measure the performance overhead imposed by security features in SD and by overall system with interdomain communication from GD to SD and to suggest applicability of various secure functions which can be applied in the secure storage system.
Social control through deterrence on the compliance with information security policy
This study uses social control theory to understand the effects of deterrence on public corporation employees' ISS compliance and elucidate employees’ motivations of ISS violation and different perceptions of sanction threats.


How to manage information security in cloud computing
This study aims to collect Key Success Factors that determine the management information security in cloud computing through literature review and design of a questionnaire survey using Fuzzy Analytic Hierarchy Process.
QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security
A quantitative risk and impact assessment framework (QUIRC) is presented, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.
Notice of Retraction A Governance Model for Cloud Computing
A Cloud-based governance model is proposed that marks out a path that will guide the enterprise into the cloud in a controlled and secure manner.
Holistic framework of security management for cloud service providers
  • G. Zhao
  • Computer Science
    IEEE 10th International Conference on Industrial Informatics
  • 2012
This paper introduces a holistic security management framework based on aligning policies relating to standards of IT governance and security management to fit with the cloud computing model, enabling cloud service providers and consumers to be security certified.
The management of security in Cloud computing
Gartner's list on cloud security issues, as well the findings from the International Data Corporation enterprise panel survey based on cloud threats, will be discussed in this paper.
Cloud computing security requirements: A systematic review
  • Iliana Iankoulova, M. Daneva
  • Computer Science
    2012 Sixth International Conference on Research Challenges in Information Science (RCIS)
  • 2012
The goal is to provide a comprehensive and structured overview of cloud computing security requirements and solutions and it is found that the least researched sub-areas are non-repudiation, physical protection, recovery and prosecution, and that access control, integrity and auditability are the most researched sub theareas.
Applying BMIS to Cloud Security
The introduction of intelligent end-point devices and direct accessibility of webbased services has blurred the boundaries of traditional companies and their perimeter, and creates new challenges for security management, including the business value and cost-benefit considerations.
Security Paradigm in Ubiquitous Computing
Why the CIA (Confidentiality, Integrity and Availability) paradigm is no more valid and able to perform its effect in a post-modern world, and why Cloud and Pervasive Computing requires a new approach in which the user become the main actor of the entire security system.
A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service
This study proposes a business model for cloud computing based on the concept of separating the encryption and decryption service from the storage service, and a CRM (Customer Relationship Management) service is described in this paper as an example to illustrate the proposed business model.
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
Abstract : Every organization has a mission that describes why it exists (its purpose) and where it intends to go (its direction). The mission reflects the organization's unique values and vision.