Browse > Article

Vulnerability and Security Management System from the Perspective of the Cloud Service Users  

Choi, Young-Jin (Department of Medicine Management, Eulji University)
Ra, Jong-Hei (Department of Logistics & Distribution Management, Gwangju University)
Ky, Hong Pil (Department of Management, Korea Digital University)
Lee, Sang-Hak (National Information Society Agency)
Publication Information
Journal of Information Technology and Architecture / v.9, no.4, 2012 , pp. 401-411 More about this Journal
Abstract
There has been increased interest for cloud computing services that can promote cost savings while increasing investment in information resources. Cloud computing, however, has a disadvantage physically located in the external information resources to take advantage of the economic benefits, the advantages and increase the vulnerability of information protection and control of information assets. In this study, due to the unique properties of the new services, including vulnerability, the vulnerability of cloud computing derive the vulnerability of cloud computing and control items were derived through the mapping between vulnerability and control items, that are not being managed to identify vulnerabilities Cloud computing risk factors are presented.
Keywords
Cloud service; Vulnerability; security management system;
Citations & Related Records
연도 인용수 순위
  • Reference
1 한국인터넷진흥원, "모바일 클라우드 서비스 보안 침해 대응방안 연구," 2010.
2 Armbrust, Michael, Armando Fox, and Rean Griffith, "Above the Clouds: A Berkeley View of Cloud Computing," Berkeley EECS Department, University of California, 2008.
3 Buyya, Rajkumar, Chee Shin Yeo, and Srikumar Venugopal, "Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities," International Conference on High Performance Computing and Communications, 2008.
4 CIO Council, "Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies', 2010.
5 Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1," December 2009.
6 Cloud Security Alliance SecaaS, "Defined Categories of Service 2011," 2011.
7 Danish Jamil, and Hassan Zaki, "Cloud Computing Security," International Journal of Engineering Science and Technology, Vol. 3 No. 4, pp. 3478- 3483, 2011.
8 ENISA, "Cloud computing: benefits, risks and recommendations for information security," November 2009 (http://www.enisa.europa.eu)
9 IDC, "IT Cloud Services User Survey, pt.2: Top Benefits & Challenges," 2008.
10 J. Brodkin, "Gartner: Seven cloud-computing security risks," Infoworld, 2009.
11 L Ertual, S Singhal, and G. Saldamli, "Security challenges in cloud computing," WORLDCOMP 2010, 2010.
12 NIST Special Publication 500-293, "US Government Cloud Computing Technology Roadmap," 2011.
13 NIST Special Publication 800-145, "The NIST Definition of Cloud Computing," 2011.
14 NIST Special Publication 800-53A, "Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans," 2010.
15 Pearson, S., "Taking account of privacy when designing cloud computing services," In ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, Canada, May 2009, pp. 44-52.
16 R. Chow, P. Golle, M. Jakobsson, E. Shi, et al., "Controlling data in the cloud: outsourcing computation without outsourcing control," Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW 2009), 2009.
17 Vaquero, L., Rodero-Merino, L., and Mor, D., "Locking the sky: a survey on IaaS cloud security," Computing, 91, pp. 93-118, 2011.   DOI
18 Wang, Wang, Tao Tao, and Marcel Kunze, "Scientific Cloud Computing: Early Definition and Experience," High Performance Computing and Communications, 2008.
19 Yuefa, D. W. Bo, G. Yaqiang, Z. Quan, and T. Chaojing, "Data Security Model for Cloud Computing," Proceeding of the 2009 International Workshop on Information Security and Application (IWISA 2009) Qingdao, China, 2009.