IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach

  title={IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach},
  author={Gunnar Wahlgren and Stewart James Kowalski},
  journal={Int. J. E Entrepreneurship Innov.},
We combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework and we claim that IT Security Risk Management framework exist at each organizational levels. In this pa ... 
IT Security Risk Management Model for Handling IT-Related Security Incidents : The Need for a New Escalation Approach
Managing IT-related security incidents is an important issue facing many organizations in Sweden and around the world. To deal with this growing problem, the authors have used a design science appr
A Road Map to Risk Management Framework for Successful Implementation of Cloud Computing in Oman
The main objective of this research is to explore the existing risk management frameworks in order to recommend an appropriate risk management framework for cloud computing environment and the recommended framework can be used in conjunction with other risk management approaches for industries which already moved to cloud or in transition of moving towards cloud environment in Oman.
From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden
Purpose This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.
Classification of Critical Cloud Computing Security Issues for Banking Organizations: A Cloud Delphi Study
A successful classification of critical cloud security issues will greatly improve the probability of cloud banking success rate and control and mitigate the critical security issues by using artificial intelligence techniques (ANN).
Resilient Organisations in the Cloud Research in Progress
Cloud computing is a way of delivering computing resources that promises numerous benefits, however, organisations worry about its extra levels of abstraction. This additional complexity represents a
Survey on Threats and Risks in the Cloud Computing Environment
This study surveys threats in the scope of: Data, Applications, Infrastructure, and services in general in the cloud computing environment to provide a more detailed understanding of the types of threats for each service in thecloud.
Risk Assessment on Cloud Computing for The Learning System in The Education Environment
The tools used to measure the level of risk for dangerous or non-hazardous activities for the learning system can be used for more extensive research aimed at measuring institutional-level risks in the education sector.
Towards a Maturity Improvement Process - Systemically Closing the Socio-Technical Gap
It is suggested that an ongoing evaluation of the process must be outlined, to validate the effect of the improvement action points suggested and to close the socio-technical gap in information (cyber) security.
A Business Model Framework for Second Life
This chapter provides a framework to analyse the marketing and promotion advantages of Virtual Communities and applies it to Second Life in order to analyse three different business strategies that companies usually implement by using this platform.
Analysing the Impact of a Business Intelligence System and New Conceptualizations of System Use
Purpose In this study, three models were empirically compared, the DeLone and McLean model, the Seddon model and the Modified Seddon model, by measuring the impact of a business intelligence system


Information Security Risk Management
* Discusses all types of corporate risks and practical means of defending against them. * Security is currently identified as a critical area of Information Technology management by a majority of
The NIST Definition of Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that
Cloud Computing Synopsis and Recommendations
This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides
Information Security Guidelines for Organizations Intending to Adopt Cloudsourcing
Change is constant and computing paradigm is no exception. It has witnessed major shifts right from centralized client server systems to widely distributed systems. This time the locus of change in
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
This book lays out the Information Security Management Metrics, which require the use of objective information about the status and effectiveness of information security controls in relation to the risks, in order to drive appropriate improvements in the organization's Information Security management System (ISMS).
Cloud computing
As software migrates from local PCs to distant Internet servers, users and developers alike go along for the ride.
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations: National Institute of Standards and Technology Special Publication 800-137
The purpose of the National Institute of Standards and Technology Special Publication 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems
This is a Hard copy of the NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems. The objective of performing risk management is to enable the organization to
Risk management in a dynamic society: a modelling problem
It is argued that risk management must be modelled by cross-disciplinary studies, considering risk management to be a control problem and serving to represent the control structure involving all levels of society for each particular hazard category, and that this requires a system-oriented approach based on functional abstraction rather than structural decomposition.
Clustering and Ranked Search for Enterprise Content Management
The aim of this work is to understand more closely where the border lies between relational and Not Only Structured Query Language (NoSQL) platform as concerns Enterprise Content Management (ECM) area and compare two platforms for this model.