Leveraged BMIS model for cloud risk control

Journal of Information Processing Systems

Volumn 10, Issue 2, 2014, Pages 240-255

  Song, YouJin ^a   Pang, Yasheng ^b  

^a Dongguk University   (South Korea)

^b ElComTec Co   (South Korea)

Author keywords

BMIS; Cloud risk; CSFs; Effective model; Leverage point; Risk control

Indexed keywords

INFORMATION MANAGEMENT;

BMIS; CLOUD SERVICE PROVIDERS; CRITICAL SUCCESS FACTOR; CSFS; LEVERAGE POINTS; RISK CONTROLS; SECURITY MANAGEMENT; TECHNOLOGY PROBLEMS;

DISTRIBUTED DATABASE SYSTEMS;

EID: 84944443421     PISSN: 1976913X     EISSN: 2092805X     Source Type: Journal    
DOI: 10.3745/JIPS.03.0004     Document Type: Article

References (27)

1. G. Zhao, " Holistic framework of security management for cloud service providers," in Proceedings of the 10th IEEE International Conference on Industrial Informatics, Beijing, China, 2012, pp. 852-856.
2. Z. Guo, M. Song, and J. Song, " A governance model for cloud computing," in Proceedings of the International Conference on Management and Service Science, Wuhan, China, 2010, pp. 1-6.
3. J. J. Hwang, H. K. Chuang, Y. C. Hsu, and C. H. Wu, " A business model for cloud computing based on a separate encryption and decryption service," in Proceedings of the International Conference on Information Science and Applications, Jeju, Korea, 2011, pp. 1-7.
4. C. C. Lo, Information Security and Its Impact on Business. Hsinchu, Taiwan: National Chiao-Tung University, 2006.
5. R. von Rössing, " Applying BMIS to cloud security," in ISSE 2010 Securing Electronic Business Processes, N. Pohlmann, H. Reimer, and W. Schneider, Eds. Berlin, Germany: Vieweg+Teubner Verlag, 2011, pp. 101-112.
6. S. Sembhi, " The business model for information security," in RSA Conference Europe, London, UK, 2010.
7. D. Meadows (1999). Leverage points: places to intervene in a system [Online]. Available: http://www.donellameadows.org/archives/leverage-points-places-to-intervene-in-a-system/
8. Information Systems Audit and Control Association (ISACA) (2010). An introduction to the business model for information security [Online]. Available: http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf
9. Information Systems Audit and Control Association (ISACA) (2010). ISACA issues new comprehensive business model for information security [Online]. Available: http://www.isaca.org/About-ISACA/Press-room/News-Releases/2010/Pages/ISACA-Issues-New-Comprehensive-Business-Model-for-Information-Security.aspx
10. R. D. Daniel, " Management information crisis," Harvard Business Review, vol. 39, no. 5, pp. 111-121, 1961.
11. J. F. Rockart, " Chief executives define their own data needs," Harvard Business Review, vol. 57, no. 2, pp. 81-93, 1979.
12. C. V. Bullen and J. F. Rockart, " A primer on critical success factors," Alfred P. Sloan School of Management, Center for Information Systems Research, Working Paper No. 69, 1981.
13. Wikipedia. Critical Success Factor [Online]. Available: http://en.wikipedia.org/wiki/Critical_success_factor#cite_note-4
14. R. A. Caralli, " The critical success factor method: establishing a foundation for enterprise security management," Carnegie Mellon University, Pittsburgh, PA, Technical Report CMU/SEI-2004-TR-010, 2004.
15. J. S. Wang, C. H. Liu, and G. T. R. Lin, " How to manage information security in cloud computing," in IEEE International Conference on Systems, Man, and Cybernetics, Anchorage, AK, 2011, pp. 1405-1410.
16. D. Vohradsky, " Cloud risk: 10 principles and a framework for assessment," ISACA Journal, vol. 5, pp. 31-41, 2012.
17. Wikipedia. Lever [Online]. Available: http://en.wikipedia.org/wiki/Lever#cite_note-1
18. Cloud Security Alliance (CSA) (2010). Top Threats to Cloud Computing V1.0 [Online]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
19. V. Mukhin and A. Volokyta, " Notice of violation of IEEE publication principles security risk analysis for cloud computing systems," in Proceedings of the IEEE 6th International Conference on Intelligent Data Acquisition and Advanced Computing Systems, Prague, Czech Republic, 2011, pp. 737-742.
20. W. A. Jansen, " Cloud hooks: security and privacy issues in cloud computing," in Proceeding of the 44th Hawaii International Conference on System Sciences, Kauai, HI, 2011, pp. 1-10.
21. Y. Kadam, " Security issues in cloud computing: a transparent view," International Journal of Computer Science & Emerging Technologies, vol. 2, no. 5, pp. 316-322, 2011.
22. J. Brodkin, " Gartner: seven cloud-computing security risks," InfoWorld News [Online]. Available: http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853
23. S. K. B. Tammaiah, " Cloud computing data security internet and web system2-term paper," unpublished.
24. D. Firesmith, " Specifying reusable security requirements," Journal of Object Technology, vol. 3, no. 1, pp, 61-75, 2004.
25. Wikipedia. Technology [Online]. Available: http://en.wikipedia.org/wiki/Technology
26. Y. Li, " Security & standards in the Cloud: building trust through openness and interoperability in the Cloud," unpublished.
27. P. Saripalli and B. Walters, " QUIRC: a quantitative impact and risk assessment framework for cloud security," in Proceedings of the IEEE 3rd International Conference on Cloud Computing, Miami, FL, 2010, pp. 280-288.