http://dx.doi.org/10.14400/JDPM.2014.12.1.405

A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013  

Choi, Ju-Young (Dept. of Information Security, Seoul Women's University)
Choi, Eun-Jung (Dept. of General Education, Seoul Women's University)
Kim, Myuhng-Joo (Dept. of Information Security, Seoul Women's University)
Publication Information
Journal of Digital Convergence / v.12, no.1, 2014, pp. 405-414
Abstract
Cloud services matter to IT users because they offer dynamic extension of IT resources and cost savings. However, concerns about the reliability of Cloud services hinder their active adoption. Existing studies on assessment programs for Cloud services were carried out by extracting information security assessment articles from ISO/IEC 27001:2005 and adding the features of cloud services. This paper reviews the recently released ISO/IEC 27001:2013 for the articles added, removed, and changed among its Controls and Control objectives. A comparative analysis of the Controls of ISO/IEC 27001:2013 with those of CSA CCM v.3 and FedRAMP, which are assessment programs for Cloud services, is used to suggest Control objectives of an Information Security Management System for Cloud services. The suggested Controls will be an important reference index for the security policy of companies that operate an information security management system based on Cloud services.
Keywords
Cloud Service Assessment; ISO/IEC 27001:2013; Information Security Management System; CSA CCM v.3; FedRAMP
Citations & Related Records
Times Cited By KSCI: 2
1 Telecommunications Technology Association, http://word.tta.or.kr/terms/terms.jsp
2 IDC, Worldwide and Regional Public IT Cloud Services 2013-2017 Forecast.
3 W. Y. Kang, Market Views and Policy Trends for Foreign Cloud, Internet & Security Issue, p. 10, Jun. 2012.
4 ISO/IEC FDIS 27001, Information technology - Security techniques - Information security management systems - Requirements, ISO/IEC, 2013, http://www.iso.org
5 Cloud Security Alliance, CSA Position Paper on AICPA Service Organization Control Reports, Feb. 2013.
6 PCI-DSS, Information Supplement: PCI DSS Cloud Computing Guidelines Version 2.0, Feb. 2013.
7 FedRAMP: The Federal Risk and Authorization Management Program, FedRAMP CONOPS Version 1.2, Jul. 2012.
8 Cloud Security Alliance, Open Certification Framework Vision Statement, Rev. 1, Aug. 2013.
9 ISACA, Cloud Computing Management Audit/Assurance Program, 2010.
10 KCSA, Assessment Criteria of Cloud Service, Feb. 2012.
11 NIST Computer Security Division, Recommended Security Controls for Federal Information Systems and Organizations, NIST SP 800-53 Revision 3, Feb. 2010.
12 Kchul Kim, Ok Heo, Seungjoo Kim, A Security Evaluation Criteria for Korean Cloud Computing Service, Journal of The Korea Institute of Information Security & Cryptology, Vol. 23, No. 2, pp. 251-265, 2013.
13 Kyoung-a Shin, Sang-jin Lee, Information Security Management System on Cloud Computing Service, Journal of The Korea Institute of Information Security & Cryptology, Vol. 22, No. 1, pp. 156-167, 2013.