A Survey on Security as a Service

Wang, Wenyuan; Yongchareon, Sira

doi:10.1007/978-3-319-68786-5_24

Cited by 3 publications

(6 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches. This paper extends our previous work (Wang and Yongchareon, 2017), which briefly introduced a framework to classify the 10 categories of SECaaS into three groups (protective, detective and reactive), with an inclusion of many more literature in our study and comprehensive analysis and discussions around ISO/IEC 27002:2013, advantages and drawbacks related to using SECaaS solutions, challenges and opportunities SECaaS technology realization and recommendations to the Cloud-based business and practitioners.…”

Section: Introductionmentioning

confidence: 59%

“…This section introduces the 10 SECaaS categories that have already been identified in our previous work (Wang and Yongchareon, 2017), which then they are later used for the mapping with ISO/IEC 27002:2013.…”

Section: Classificationmentioning

confidence: 99%

“…A good SECaaS provider addresses all aspects of security for the implementation of the configuration they are trying to secure, looking beyond ICT and also looking at procedural, organizational and physical aspects of security (Wang and Yongchareon, 2017; De Lange et al , 2016). ISO/IEC 27002 applies to organizations of all types and sizes, including public and private sectors, commercial and non-profit that collecting, processing, storing and transmitting information in a variety of formats including electronic, physical and verbal (IEC, I.…”

Section: Classificationmentioning

confidence: 99%

“…We use safety control perspectives as a key consideration in the classifications used in our research because they are important mechanisms of SECaaS (Wang and Yongchareon, 2017). Fundamentally, security controls are security measures and countermeasures that prevent, detect and mitigate the security risks of assets such as information, computer systems or other assets.…”

Section: Classificationmentioning

confidence: 99%

See 3 more Smart Citations

Security-as-a-service: a literature review

Wang

Yongchareon

2020

IJWIS

Self Cite

View full text Add to dashboard Cite

Purpose This study aims to identify the level of security from existing work, analyze categories of security as a service (SECaaS) and classify them into a meaningful set of groups. Further, the report will advise commercial applications and advice of SECaaS as an extended context to help firms make decisions. Design/methodology/approach This paper compares the SECaaS categories in Cloud Security Alliance (CSA) with the security clauses in ISO/IEC 27002:2013 to give a comprehensive analysis of those SECaaS categories. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including protective, detective and reactive based on security control perspectives. This study has discussed the three groups and their interplay to identify the key characteristics and problems that they aim to address. Findings This paper also adds new evidence to support a better understanding of the current and future challenges and directions for SECaaS. Also, the study reveals both the positive and negative aspects of SECaaS along with business cases. It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches. Originality/value SECaaS has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud computing. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. However, it is still in infancy and not very widely investigated. Recent studies suggest that SECaaS is an efficient solution for Cloud and real industries. However, shortcomings of SECaaS have not been well-studied and documented. Moreover, reviewing the existing research, researchers did not classify the SECaaS-related categories.

show abstract

Section: Introductionmentioning

confidence: 59%

Section: Classificationmentioning

confidence: 99%

Section: Classificationmentioning

confidence: 99%

Section: Classificationmentioning

confidence: 99%

See 2 more Smart Citations

Security-as-a-service: a literature review

Wang

Yongchareon

2020

IJWIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, the abuse of the rights of a user is another security concern. SIEM and intrusion management are considered the main categories for the security analytics service because security analytics is a combination of both categories [30]. The security analytics service is applied as an IaaS to simplify analytical techniques to a user or group.…”

Section: Conceptual Modelmentioning

confidence: 99%