http://dx.doi.org/10.13089/JKIISC.2013.23.6.1231

Strengthening Security on the Internal Cloud Service Certification  

Lee, Gangshin (KIM & CHANG)
Abstract
Against the background of rapidly increasing domestic cloud service demand, worries about security and privacy incidents can hinder the promotion of the cloud service industry. It is therefore crucial that an independent third party assure the reliability of using cloud services. This paper compares several external and internal cloud service certification cases, for example CSA certification, FedRAMP certification, and KCSA certification, and concludes that insufficient security and privacy controls are prevalent. Consequently, several enhanced countermeasures for the cloud service certification system are proposed, using ISO/IEC 27017 and KISA's ISMS and taking manageability and expertise into account.
Keywords
Cloud; Certification; Security; Control;