Security in organisations: governance, risks and vulnerabilities in moving to the cloud
Any organisation using the internet to conduct business is vulnerable to violation of security. Currently, security in most organisations relates to the protection of data and the management of their business information systems. Hence, security is often defined as the protection of information and of the systems and hardware that use, store and relocate that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an organisation’s reputation, confidence and trust with its customers. One of the important success factors for an organisation to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors, IT governance (ITG) and ISG. Enterprise governance is the directing and controlling of the organisation by the board of directors and executive management in order to ensure the success of the organisation. ITG and ISG are an integral part of corporate governance. ITG is about the structure that links IT processes, resources and information to support the organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, information security should not be considered as just a technical issue but as a governance challenge that needs a proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important to recognise that an important and specific issue related to cloud computing is the potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks, such as malicious insider threats and data breaches. An example of cloud risk is virtualization, one of the concepts used for constructing cloud computing, which has its own security risks, but they are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance and of the risks and vulnerabilities when moving to the cloud.
Alassafi, Madini, Obad
231b07cb-5a2c-4875-b213-e7c32f328863
Hussein, Raid, Khalid Hussein
3caae7a9-6184-4d15-b298-e508f2797781
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Gashgari, Ghada, Abdalaziz A
aced4509-d54a-401d-aad9-61c8f97834bf
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Alassafi, Madini, Obad, Hussein, Raid, Khalid Hussein, Wills, Gary, Gashgari, Ghada, Abdalaziz A and Walters, Robert (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud. In, Chang, V., Ramachandran, M., Walters, R. and Wills, G. (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers. (Lecture Notes in Computer Science, 10131) Cham, Switzerland. Springer Cham. (doi:10.1007/978-3-319-54380-2_11).
Record type: Book Section
Text: Security in Organisations Governance, Risks and Vulnerabilities in moving to the Cloud - Accepted Manuscript
More information
e-pub ahead of print date: 19 March 2017
Organisations:
Electronics & Computer Science, Electronic & Software Systems
Identifiers
Local EPrints ID: 407550
URI: http://eprints.soton.ac.uk/id/eprint/407550
ISSN: 0302-9743
PURE UUID: 7f8ea255-7018-41b6-94d3-5174db10c338
Catalogue record
Date deposited: 13 Apr 2017 01:09
Last modified: 16 Mar 2024 05:09
Contributors
Author: Madini, Obad Alassafi
Author: Raid, Khalid Hussein Hussein
Author: Gary Wills
Author: Ghada, Abdalaziz A Gashgari
Author: Robert Walters
Editor: V. Chang
Editor: M. Ramachandran
Editor: R. Walters
Editor: G. Wills