Leveraged BMIS Model for Cloud Risk Control

  • Received : 2013.07.19
  • Accepted : 2013.09.26
  • Published : 2014.06.30

Abstract

Cloud computing has been drawing increasing attention. Every major IT company is hurrying to claim a share of what promises to be a very large market in the future. At the same time, information is always associated with security and risk problems. Handling these risks is no longer just a technology problem, and a good deal of literature focuses on risk or security management and frameworks for information systems. In this paper, we identify the specific business meaning of the BMIS model and try to apply and leverage this model for cloud risk. Drawing on a previous study, we select and determine the causal risk factors in cloud service, which are also known as CSFs (Critical Success Factors) in information management. Subsequently, we distribute all selected CSFs into the BMIS model by mapping them to ten principles in cloud risk. Finally, by using the leverage points, we try to leverage the model factors and aim to make a resource-optimized, dynamic, general risk control business model for cloud service providers.

Cited by

  1. Efficient Resource Management Scheme for Storage Processing in Cloud Infrastructure with Internet of Things vol.91, pp.4, 2016, https://doi.org/10.1007/s11277-015-3093-8
  2. A Generic Software Development Process Refined from Best Practices for Cloud Computing vol.7, pp.5, 2015, https://doi.org/10.3390/su7055321