An applied methodology for information security and assurance: A study case for cloud computing

Tipo de publicación: Conference Paper

Publicado en: Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for

Autores
  • Villalon-Fonseca, R.
  • Solano-Rojas, B.J.
  • Marin-Raventos, G.

Investigadores del CITIC asociados a la publicación
Ricardo Villalón Fonseca
Braulio Solano Rojas
Gabriela Marín Raventós

Proyecto asociado a la publicación
Creación de la Nube Académica Computacional de la UCR (NAC)

Palabras claves
  • cloud computing
  • Computational modeling
  • Hardware
  • information security
  • Servers
  • Standards
Resumen

Information security is one of the main concerns in many fields of computer and information technologies, and even more on new emerging technologies such as cloud computing. Current security standards and models usually focus on "what" has to be done about security, but they do not propose "how" to deal with the inherent complexity of assuring modern infrastructures. Security standards usually produce large check lists describing security countermeasures, but they lack a comprehensive and complete process to define the security requirements of information being managed. As a consequence, security implementations may miss important security controls, and they cannot guarantee a consistent and in-depth security implementation at the different layers of the system. We propose a methodology with a novel hierarchical approach to guide a comprehensive and complete assurance process. Real use cases are shown, by applying our methodology to assure a private cloud being developed at the Universidad de Costa Rica (UCR).

DOI BIBTEXT

Datos bibliográficos
Cita bibliográfica
An applied methodology for information security and assurance: A study case for cloud computing