Reflecting on Whether Checklists Can Tick the Box for Cloud Security

Duncan, Bob; Whittington, Mark

doi:10.1109/cloudcom.2014.165

Cited by 15 publications

(11 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have argued that companies need to take account of these gaps in the standards when addressing issues of compliance. In (Duncan and Whittington, 2014), we have addressed the question of whether compliance with standards, assurance and audit can provide security, and in (Duncan and Whittington, 2015d), we have addressed one of the fundamental weaknesses of the standards compliance process.…”

Section: The Challengesmentioning

confidence: 99%

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Duncan

Whittington

Jaatun

et al. 2017

Enterprise Security

Self Cite

View full text Add to dashboard Cite

Abstract. In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with the concept of using proper measurement for a cloud security assurance model. We demonstrate how this approach can be applied, not only to the approach under review, but how it may be applied to address other cloud security requirements.

show abstract

Section: The Challengesmentioning

confidence: 99%

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Duncan

Whittington

Jaatun

et al. 2017

Enterprise Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, cloud changes the rules of the game considerably; because there is often a poor understanding of the technical complexities of cloud, and often a complete lack of understanding that the cloud runs on someone else's hardware and often software too, resulting in a huge issue from lack of proper control. With cloud, the lack of proper and complete security standards [6] also presents a major issue, as does the method of implementing compliance with these standards [52].…”

Section: Current Solutionsmentioning

confidence: 99%

Advances in Security in Computing and Communications

Sen¹

2017

View full text Add to dashboard Cite

In the era of Internet of Things (IoT) and with the explosive worldwide growth of electronic data volume, and associated need of processing, analysis, and storage of such humongous volume of data, several new challenges are faced in protect-ing privacy of sensitive data and securing systems by designing novel schemes for secure authentication, integrity protection, encryption, and non-repudiation. Lightweight symmetric key cryptography and adaptive network security algo-rithms are in demand for mitigating these challenges. This book presents some of the state-of-the-art research work in the field of cryptography and security in computing and communications. It is a valuable source of knowledge for re-searchers, engineers, practitioners, graduates, and doctoral students who are working in the field of cryptography, network security, and security and privacy issues in the Internet of Things (IoT). It will also be useful for faculty members of graduate schools and universities.Comment: 190 pages, 8 Chapters. Published by Intech Open Publishers, Croatia, July 201

show abstract

“…Concern, too, has been expressed [Walden, 2011], over issues involved in trying to obtain access to records held in foreign jurisdictions. Concern has also been expressed about the difficulties of cloud audit [Duncan and Whittington, 2015c] [Duncan and Whittington, 2016a], and in particular the mechanics of maintaining a proper audit trail [Duncan and Whittington, 2016b].…”

Section: Introductionmentioning

confidence: 99%

Anomaly Detection for Soft Security in Cloud based Auditing of Accounting Systems

Neovius

Duncan²

2017

Proceedings of the 7th International Conference on Cloud Computing and Services Science

Self Cite

View full text Add to dashboard Cite

Abstract:Achieving information security in the cloud is not a trivial exercise. When the systems involved are accounting software systems, this becomes much more challenging in the cloud, due both to the systems architecture in use, the challenges of proper configuration, and to the multiplicity of attacks that can be made against such systems. A particular issue for accounting systems concerns maintaining a proper audit trail in order that an adequate level of audit may be carried out on the accounting records contained in the system. In this paper we discuss the implications of the traditional approach to such systems and propose a complementary soft security solution relying on detecting behavioural anomalies by evidence theory. The contribution is in conceptualising the anomalies and providing a somewhat theoretical solution for a difficult and challenging problem. The proposed solution is applicable within any domain consisting of rigorous processes and risk of tampering or data exfiltration, such as the cloud based accounting systems.

show abstract

Reflecting on Whether Checklists Can Tick the Box for Cloud Security

Cited by 15 publications

References 48 publications

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Advances in Security in Computing and Communications

Anomaly Detection for Soft Security in Cloud based Auditing of Accounting Systems

Contact Info

Product

Resources

About