Security in organisations: governance, risks and vulnerabilities in moving to the cloud

Alassafi, Madini, Obad, Hussein, Raid, Khalid Hussein, Wills, Gary, Gashgari, Ghada, Abdalaziz A and Walters, Robert (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud. In: Chang, V., Ramachandran, M., Walters, R. and Wills, G. (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers. Cham, Switzerland, Springer International Publishing (Lecture Notes in Computer Science, 10131). (doi:10.1007/978-3-319-54380-2_11).


PDF: Security in Organisations Governance, Risks and Vulnerabilities in moving to the Cloud - Accepted Manuscript
Restricted to Repository staff only until 18 March 2018.
Available under License University of Southampton Accepted Manuscript Licence.



Any organisation using the internet to conduct business is vulnerable to violations of security. Currently, security in most organizations relates to the protection of data and the management of their business information systems. Hence, security is often defined as the protection of information and of the systems and hardware that use, store and relocate that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an organisation’s reputation, confidence and trust with its customers. One of the important success factors for an organization to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors, IT governance (ITG) and ISG. Enterprise governance is the directing and controlling of the organization by the board of directors and executive management in order to ensure the success of the organization. ITG and ISG are an integral part of corporate governance. ITG is about the structure that links IT processes, resources and information to support the organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, information security should not be considered as just a technical issue but as a governance challenge that needs a proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important to recognize that an important and specific issue related to cloud computing is the potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks, such as malicious insider threats and data breaches. An example of cloud risk is virtualization, one of the concepts used for constructing cloud computing, which has its own security risks, although they are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance and of the risks and vulnerabilities when moving to the cloud.

Item Type: Book Section
Digital Object Identifier (DOI): doi:10.1007/978-3-319-54380-2_11
ISBNs: 9783319543796 (print)
9783319543802 (electronic)
ISSNs: 0302-9743 (print)
Organisations: Electronics & Computer Science, Electronic & Software Systems
ePrint ID: 407550
Date: 19 March 2017 (e-pub ahead of print)
Date Deposited: 13 Apr 2017 01:09
Last Modified: 15 Jun 2017 16:33