The University of Southampton
University of Southampton Institutional Repository

Security in organisations: governance, risks and vulnerabilities in moving to the cloud

Alassafi, Madini, Obad, Hussein, Raid, Khalid Hussein, Wills, Gary, Gashgari, Ghada, Abdalaziz A and Walters, Robert (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud In, Chang, V., Ramachandran, M., Walters, R. and Wills, G. (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers. Cham, Switzerland, Springer International Publishing (Lecture Notes in Computer Science, 10131). (doi:10.1007/978-3-319-54380-2_11).

Record type: Book Section


Any organisation using the internet to conduct business is vulnerable to violation of security. Currently security in most organizations relates to protection of data and the management of their business information systems. Hence, security is often defined as the protection of information, the system, and hardware; that use, store and relocates that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an Organisation’s reputation, confidence and trust with its customers. One of the importance success factors for an organization to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors IT governance (ITG) and ISG. Enterprise governance is directing and controlling the organization by the boardofdirectorsandexecutivemanagementinordertoensurethesuccessofthe organization.ITGandISGareintegralpartofcorporategovernance.ITGisabout the structure that links IT processes, resources and information to support organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, Information security should not be considered as just a technical issue but governance challenge that needs proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important torecognizethatanimportantandspecificissuerelatedtocloudcomputingisthe potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks such as malicious insider threats and data breaches. An example of cloud risk is virtualization that is one of the concepts usedforconstructing cloudcomputing, which hasitsown security risks,butthey are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance, the risks and vulnerabilities when moving to the cloud.

PDF Security in Organisations Governance, Risks and Vulnerabilities in moving to the Cloud - Accepted Manuscript
Restricted to Repository staff only until 18 March 2018.
Download (539kB)

More information

e-pub ahead of print date: 19 March 2017
Organisations: Electronics & Computer Science, Electronic & Software Systems


Local EPrints ID: 407550
ISSN: 0302-9743
PURE UUID: 7f8ea255-7018-41b6-94d3-5174db10c338
ORCID for Madini, Obad Alassafi: ORCID iD
ORCID for Gary Wills: ORCID iD

Catalogue record

Date deposited: 13 Apr 2017 01:09
Last modified: 17 Jul 2017 13:58

Export record



Author: Madini, Obad Alassafi ORCID iD
Author: Raid, Khalid Hussein Hussein
Author: Gary Wills ORCID iD
Author: Ghada, Abdalaziz A Gashgari
Author: Robert Walters
Editor: V. Chang
Editor: M. Ramachandran
Editor: R. Walters
Editor: G. Wills

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton:

ePrints Soton supports OAI 2.0 with a base URL of

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.