Browse > Article
http://dx.doi.org/10.14400/JDC.2015.13.8.43

A study on Development of Certification Schemes for Cloud Security  

Jung, Jin-Woo (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
Kim, Jungduk (Dept. of Industrial Security, The College of Business & Economics of Chung-Ang Univ.)
Song, Myeong-Gyun (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
Jin, Chul-Gu (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
Publication Information
Journal of Digital Convergence / v.13, no.8, 2015 , pp. 43-49 More about this Journal
Abstract
As the cloud computing law was passed in March, 2015, many private companies and public organizations give consideration to introduce cloud computing services. However, most of them are still concerned about the security issues in cloud computing services. To solve the problem, a certification system of cloud security is necessary as an enabler for adoption of the trusted cloud services. There have been a number of studies about certification systems for cloud security, but only few studies exist about certification scheme of cloud security. Therefore, in this study, foreign certification systems for cloud security are analyzed to draw requirements for developing a domestic certification scheme for cloud security. Based on the result of analysis, this study proposes the three certification schemes of cloud security, which have been reviewed by the focus group interview method to draw advantages and disadvantages of each scheme.
Keywords
convergence cloud service; cloud security certification system; cloud security scheme; focus group interview; cloud security policy;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 DOI: http://blog.lgcns.com/770, April 28.
2 M. S. Jung, Study on the main content of cloud computing Development Act, Korea Entertainment Industry Association, Vol. 5, pp. 163-167, 2015.
3 K. C. Kim, O. Heo, S. J. Kim, A Security Evaluation Criteria for Korean Cloud Computing Service, Journal of The Korea Institute of Information Security & Cryptology, Vol. 23, No. 2, pp 251-265, 2013.   DOI   ScienceOn
4 C. V. Brown, S. L. Magill, Alignment of the IS functions with the enterprise: toward a model of antecedents, Journal of MIS Quarterly, Vol. 18, No. 4, pp 371-403, 1994.   DOI   ScienceOn
5 NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information System, 2010.
6 S. J. Jang, The Analysis of FedRAMP, Weekly Technology Trend, 2013.
7 Y. H. Park, Korean cloud certification system through foreign case of analysis and suggestions, Master's dissertation in Sejong Cyber University, 2015.
8 J. Y. Choi, E. J. Choi, M. J. Kim, A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013, Journal of Digital Convergence, Vol. 12, No. 1, pp 405-414, 2013.   DOI
9 Korean Standards Association, R&D Road map based on Standard, 2014.
10 CSA: Open Certification Framework rev1, 2013.
11 ISO/IEC 17000 : 2004: Conformity assessment - vocabulary and general principles, 2004.
12 R. A. Krueger, M. A. Casey, Focus Groups: A practical guide for applied research 4th edition, sega publication(CA), London, 2008.
13 ENISA: Cloud computing information assurance framework, 2010.
14 ISACA: IT control objectives for could computing, 2011.
15 KISA: Public data system restructuring in the UK government, 2014
16 G. S. Lee, Strengthening Security on the Internal Cloud Service Certification, Journal of The Korea Institute of Information Security & Cryptology, Vol. 23, No. 6, pp,1231-1238, 2013   DOI   ScienceOn