Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing

Muhammad Imran Tariq, Vito Santarcangelo

2016

Abstract

Cloud computing provides scalable, highly available and low-cost services over the Internet. The advent of newer technologies introduces new risks and threats as well. Although the cloud has a very advanced structure and expansion of services, security and privacy concerns have been creating obstacles for enterprises to shift entirely to the cloud. Therefore, both service providers and clients should build an information security system and a trust relationship with each other. In this research paper, we analysed the most widely used international and industry standard for information security (ISO/IEC 27001:2013) to determine its effectiveness for cloud organizations and the importance factor of each control for on-premises, IaaS, PaaS and SaaS, and to identify the most suitable controls for the development of SLA-based information security metrics for each cloud service model. We evaluated the standard's control objectives generically, without considering cloud organization size, nature of work or enterprise size. To determine the effectiveness, relevance to cloud computing and factor of the standard's control objectives in-house or in a public cloud, we defined a quantitative metric. We conclude that ISO/IEC 27001:2013 compliance improves service providers' and customers' information security systems and builds a trust relationship, but does not fulfil all requirements or cover all relevant issues.

Paper Citation


in Harvard Style

Tariq M. and Santarcangelo V. (2016). Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 201-208. DOI: 10.5220/0005648702010208

in Bibtex Style

@conference{icissp16,
author={Muhammad Imran Tariq and Vito Santarcangelo},
title={Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={201-208},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005648702010208},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Analysis of ISO 27001:2013 Controls Effectiveness for Cloud Computing
SN - 978-989-758-167-0
AU - Tariq M.
AU - Santarcangelo V.
PY - 2016
SP - 201
EP - 208
DO - 10.5220/0005648702010208