IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

Author(s): Azadeh Alebrahim (University of Duisburg-Essen, Germany), Denis Hatebur (University of Duisburg-Essen, Germany), Stephan Fassbender (University of Duisburg-Essen, Germany), Ludger Goeke (ITESYS Inst. f. tech. Sys. GmbH, Germany) and Isabelle Côté (ITESYS Inst. f. tech. Sys. GmbH, Germany)
Copyright: 2015
Pages: 18
Source title: Transportation Systems and Engineering: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-4666-8473-7.ch037

Abstract

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part of the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe the context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which eases the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting ISO 27001 certification. The authors' tool consists of various plug-ins for conducting different steps of their method.
