Cloud security metrics

Proceedings of 2011 6th International Conference on System of Systems Engineering: SoSE in Cloud Computing, Smart Grid, and Cyber Security, SoSE 2011

Volumn , Issue , 2011, Pages 341-345

  Bayuk, Jennifer ^a  

^a STEVENS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

cloud computing; computer security; metrics; security; systems engineering; validation; verification

Indexed keywords

CLOUD SERVICES; INFORMATION ASSURANCE; METRICS; SECURITY; SECURITY AUDIT; SECURITY CONTROLS; SECURITY METRICS; SECURITY PROFESSIONALS; SECURITY REQUIREMENTS; SYSTEMS-OF-SYSTEMS; VALIDATION; VALIDATION APPROACH;

CLOUD COMPUTING; COMPUTER SYSTEMS; DISTRIBUTED DATABASE SYSTEMS; SECURITY SYSTEMS; SMART POWER GRIDS; SYSTEMS ENGINEERING;

SECURITY OF DATA;

EID: 80052254325     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SYSOSE.2011.5966621     Document Type: Conference Paper

References (20)

1. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), "Systems and software engineering - System life cycle processes (ISO/IEC 15288)," 2008.
2. J. Bayuk, "The Utility of Security Standards," presented at the International Carnahan Conference on Security Technology (ICCST), 2010.
3. The Orange Book, "Trusted Computer System Evaluation Criteria," Department of Defense, 1985 (supercedes first version of 1983).
4. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), "Information technology - Systems Security Engineering - Capability Maturity Model (SSE-CMM, ISO/IEC 28127)," 2002.
5. Common Criteria Recognition Agreement, "Common Criteria for Information Technology Security Evaluation Version 3.1," 2009.
6. R. Ross, et al., "Recommended Security Controls for Federal Information Systems, SP 800-53 Rev 2," National Institute of Standards and Technology, 2007.
7. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), "Information technology - Security techniques - Code of practice for information security management (ISO/IEC 27002)," 2005.
8. National Vulnerability Database. Available: http://nvd.nist.gov/
9. B. Nevo, "Face Validlity Revisited," Journal of Educational Measurement, vol. 22, pp. 287-293, 1985.
10. E. Carmines and R. Zeller, Reliability and Validity Assessment. Thousand Oaks, California: SAGE Publications, 1979.
11. MITRE, "Common Vulnerabilities and Exposures, dictionary of common names for publicly known information security vulnerabilities," see http://cve.mitre.org.
12. G. McGraw, Software Security: Addison-Wesley, 2006.
13. R. Mogull, "An Open Letter to Robert Carr, CEO of Heartland Payment Systems," in Securosis Blog vol. 2009, Securosis, 2009.
14. G. Shipley. (2010, October 11, 2010) Epic Fail. Information Week. 26-38.
15. G. Stoneburner, "Underlying Technical Models for Information Technology Security," National Institute of Standards and Technology, 2001.
16. International Telecommunication Union, "Security architecture for systems providing end-to-end communications," vol. ITU-T Recommendation X.805, 2003.
17. J. L. Bayuk and B. M. Horowitz, "An Architectural Systems Engineering Methodology for Addressing Cyber Security," Systems Engineering, vol. 14, 2011.
18. J. Bayuk, et al., "Systems Security Engineering, A Research Roadmap, Final Technical Report," Systems Engineering Research Center (www.sercuarc.org) SERC-2010-TR-005, 2010.
19. Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, see http://www.cloudsecurityalliance.org," 2009.
20. P. G. Neumann, "Principled Assuredly Trustworthy Composable Architectures," SRI International, 2004.