SecSDLC: A Practical Life Cycle Approach for Cloud-based Information Security
Journal Title: International Journal of Research in Computer and Communication Technology - Year 2015, Vol 4, Issue 2
Abstract
Cloud computing services offer significant benefits to information technology (IT) systems, such as reduced cost and shorter implementation time compared to traditional IT environments. However, cloud multitenancy and web-enabled architecture create a complex environment in which to develop and manage information security and compliance programs. At the enterprise level, risk and threat management can be an issue if it fails to protect cloud confidentiality, integrity, and availability (CIA). In this paper, a practical cloud security system development life cycle (SecSDLC) methodology is proposed to provide a holistic approach to effective and efficient cloud information security. The SecSDLC is based on industry best practices and on widely used and accepted methodologies such as waterfall SDLC and NIST SP 800-64 revision 2 information security. Our previously developed solutions for cloud intrusion detection and prevention, security system monitoring, secure SLA, and compliance auditing are incorporated into the SecSDLC. A formal methodology is proposed to address concerns regarding cloud security and compliance requirements. The goal is to increase the probability of a successful information security program and reduce the likelihood of missing or inadequate components that may compromise cloud information security.
Authors and Affiliations
Fahad F Alruwaili, T. Aaron Gulliver