SecSDLC: A Practical Life Cycle Approach for Cloud-based Information Security
Journal Title: International Journal of Research in Computer and Communication Technology - Year 2015, Vol 4, Issue 2
Abstract
Cloud computing services offer significant benefits to information technology (IT) systems such as reduced cost and shorter implementation time compared to traditional IT environments. However, the cloud multitenancy and web-enabled architecture creates a complex environment in which to develop and manage information security and compliance programs. At the enterprise level, risk and threat management can be an issue if it fails to protect cloud confidentiality, integrity, and availability (CIA). In this paper, a practical cloud security system development life cycle (SecSDLC) methodology is proposed to provide a holistic approach to effective and efficient cloud information security. The SecSDLC is based on industry best practices, and widely used and accepted methodologies such as waterfall SDLC, and NIST SP 800-64 revision 2 information security. Our previously developed solutions for cloud intrusion detection and prevention, security system monitoring, secure SLA, and compliance auditing are incorporated into the SecSDLC. A formal methodology is proposed to address concerns regarding cloud security and compliance requirements. The goal is to increase the probability of a successful information security program and reduce the likelihood of missing or inadequate components that may compromise cloud information security.
Authors and Affiliations
Fahad F Alruwaili, T. Aaron Gulliver
Keywords
Related Articles
- EP ID EP28143
- DOI -
- Views 250
- Downloads 1
Hadoop Map Reduce Job Scheduler Implementation and Analysis in Heterogeneous Environment
Hadoop MapReduce is one of the popular framework for BigData analytics. MapReduce cluster is shared among multiple users with heterogeneous workloads. When jobs are concurrently submitted to the cluster, resources ar...
A New approach for Cam-Shift Algorithm for Tracking a Moving Object
The main aim of this paper to track a target which plays a key component of video surveillance and monitoring systems. In this paper, we present an new approach to CamShift algorithm and kalman filter for tracking a...
Novel Implementation of Low Power Test Patterns for In Situ Test
Test vector generation, its application to CUT and its response analysis are the tasks done by the In Situ Test. A new and efficient approach for the Generation of all one bit changing random input patterns for in sit...
Survey, Classification and Future Direction for Packet Scheduling in 4G Networks to Provide Quality of Service
Packet scheduling is crucial in providing Quality of Service (QoS) at a network node. There is plenty of research related to QoS provisioning in fourth generation (4G) networks because wireless networks have shifted f...
A New Filtering Technique for denoising Speckle Noise from Medical Images Based on Adaptive and Anisotropic Diffusion Filter
This is a preliminary study and the objective of this study has been to compare the performance of some of the primitive and fundamentally different post acquisition image enhancement algorithms as applied to differen...