Pattern-based and ISO 27001 compliant risk analysis for cloud systems

2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2014 - Proceedings

Volumn , Issue , 2014, Pages 42-47

  Alebrahim, Azadeh ^a   Hatebur, Denis ^a   Goeke, Ludger ^b  

^a UNIVERSITY OF DUISBURG ESSEN   (Germany)

^b ITESYS GmbH Dortmund   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; RISK ASSESSMENT; SECURITY OF DATA;

AMBIGUOUS DESCRIPTION; APPLICATION EXAMPLES; CLOUD PROVIDERS; CLOUD SERVICES; COMPUTING SYSTEM; CONTROL PATTERNS; SECURITY MECHANISM; SECURITY REQUIREMENTS;

RISK ANALYSIS;

EID: 84908642167     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ESPRE.2014.6890527     Document Type: Conference Paper

References (19)

1. C. Alberts and A. Dorofee. Managing Information Security Risks: The OCTAVE (SM) Approach. Addison-Wesley Professional, 2002.
2. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. Above the clouds: A berkeley view of cloud computing. Technical report, Berkeley, 2009.
3. K. Beckers, I. Côté, S. Fabbender, M. Heisel, and S. Hofbauer. A patternbased method for establishing a cloud-specific information security management system. Requirements Engineering, pages 1-53, 2013.
4. K. Beckers, I. Côté, and L. Goeke. A Catalog of Security Requirements Patterns for the Domain of Cloud Computing Systems. In Proc. 29th Symposium on Applied Computing. ACM, 2014. Accepted for Publication.
5. K. Beckers, I. Côté, L. Goeke, S. Güler, and M. Heisel. Structured pattern-based security requirements elicitation for clouds. In Proc. of the 7th Int. Workshop on Secure Software Engineering (SecSE), pages 465-474. IEEE Computer Society, 2013.
6. K. Beckers, M. Heisel, B. Solhaug, and K. Stølen. ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System. In Engineering Secure Future Internet Services, LNCS 8431, page 315344. Springer, 2014.
7. K. Beckers, J.-C. Küster, S. Fabbender, and H. Schmidt. Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing. In Proc. of the Int. Conf. on Availability, Reliability and Security (ARES), pages 327-333. IEEE Computer Society, 2011.
8. CSA. Security guidance for critical areas of focus in cloud computing v3.0, 2011.
9. European Network and Information Security Agency. Cloud computing -benefits, risks and recommendations for information security, 2009.
10. B. Fabian, S. Gürses, M. Heisel, T. Santen, and H. Schmidt. A comparison of security requirements engineering methods. Requirements Engineering -Special Issue on Security Requirements Engineering, 15(1):7-40, 2010.
11. R. A. Gandhi and S. W. Lee. Discovering multidimensional correlations among regulatory requirements to understand risk. ACM Trans. Softw. Eng. Methodol., 20(4):16:1-16:37, Sept. 2011.
12. J. Heiser and M. Nicolett. Assessing the security risks of cloud computing, June 2008.
13. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Information technology -Security techniques -Information security management systems -Requirements (ISO/IEC 27001), 2005.
14. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Information technology -Security techniques -Information security risk management (ISO/IEC 27005), 2011.
15. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Information technology -Security techniques -Code of practice for information security controls (ISO/IEC 27002), 2013.
16. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Information technology -Security techniques -Information security management systems -Requirements (ISO/IEC 27001), 2013.
17. M. S. Lund, B. Solhaug, and K. Stølen. Model-Driven Risk Analysis. The CORAS Approach. Springer, 2010.
18. P. Mell and T. Grance. The NIST definition of cloud computing. Special Publication 800-145 of the National Institute of Standards and Technology (NIST), 2011.
19. Microsoft Corporation. The security risk management guide, 2006