The University of Southampton
University of Southampton Institutional Repository

Security in organisations: governance, risks and vulnerabilities in moving to the cloud

Security in organisations: governance, risks and vulnerabilities in moving to the cloud
Security in organisations: governance, risks and vulnerabilities in moving to the cloud
Any organisation using the internet to conduct business is vulnerable to violation of security. Currently security in most organizations relates to protection of data and the management of their business information systems. Hence, security is often defined as the protection of information, the system, and hardware; that use, store and relocates that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an Organisation’s reputation, confidence and trust with its customers. One of the importance success factors for an organization to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors IT governance (ITG) and ISG. Enterprise governance is directing and controlling the organization by the boardofdirectorsandexecutivemanagementinordertoensurethesuccessofthe organization.ITGandISGareintegralpartofcorporategovernance.ITGisabout the structure that links IT processes, resources and information to support organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, Information security should not be considered as just a technical issue but governance challenge that needs proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important torecognizethatanimportantandspecificissuerelatedtocloudcomputingisthe potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks such as malicious insider threats and data breaches. An example of cloud risk is virtualization that is one of the concepts usedforconstructing cloudcomputing, which hasitsown security risks,butthey are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance, the risks and vulnerabilities when moving to the cloud.
0302-9743
Springer Cham
Alassafi, Madini, Obad
231b07cb-5a2c-4875-b213-e7c32f328863
Hussein, Raid, Khalid Hussein
3caae7a9-6184-4d15-b298-e508f2797781
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Gashgari, Ghada, Abdalaziz A
aced4509-d54a-401d-aad9-61c8f97834bf
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Chang, V.
Ramachandran, M.
Walters, R.
Wills, G.
Alassafi, Madini, Obad
231b07cb-5a2c-4875-b213-e7c32f328863
Hussein, Raid, Khalid Hussein
3caae7a9-6184-4d15-b298-e508f2797781
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Gashgari, Ghada, Abdalaziz A
aced4509-d54a-401d-aad9-61c8f97834bf
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Chang, V.
Ramachandran, M.
Walters, R.
Wills, G.

Alassafi, Madini, Obad, Hussein, Raid, Khalid Hussein, Wills, Gary, Gashgari, Ghada, Abdalaziz A and Walters, Robert (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud. In, Chang, V., Ramachandran, M., Walters, R. and Wills, G. (eds.) Enterprise Security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers. (Lecture Notes in Computer Science, 10131) Cham, Switzerland. Springer Cham. (doi:10.1007/978-3-319-54380-2_11).

Record type: Book Section

Abstract

Any organisation using the internet to conduct business is vulnerable to violation of security. Currently security in most organizations relates to protection of data and the management of their business information systems. Hence, security is often defined as the protection of information, the system, and hardware; that use, store and relocates that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an Organisation’s reputation, confidence and trust with its customers. One of the importance success factors for an organization to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors IT governance (ITG) and ISG. Enterprise governance is directing and controlling the organization by the boardofdirectorsandexecutivemanagementinordertoensurethesuccessofthe organization.ITGandISGareintegralpartofcorporategovernance.ITGisabout the structure that links IT processes, resources and information to support organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, Information security should not be considered as just a technical issue but governance challenge that needs proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important torecognizethatanimportantandspecificissuerelatedtocloudcomputingisthe potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks such as malicious insider threats and data breaches. An example of cloud risk is virtualization that is one of the concepts usedforconstructing cloudcomputing, which hasitsown security risks,butthey are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance, the risks and vulnerabilities when moving to the cloud.

Text
Security in Organisations Governance, Risks and Vulnerabilities in moving to the Cloud - Accepted Manuscript
Download (539kB)

More information

e-pub ahead of print date: 19 March 2017
Organisations: Electronics & Computer Science, Electronic & Software Systems

Identifiers

Local EPrints ID: 407550
URI: http://eprints.soton.ac.uk/id/eprint/407550
ISSN: 0302-9743
PURE UUID: 7f8ea255-7018-41b6-94d3-5174db10c338
ORCID for Madini, Obad Alassafi: ORCID iD orcid.org/0000-0001-9919-8368
ORCID for Raid, Khalid Hussein Hussein: ORCID iD orcid.org/0000-0002-0653-9328
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 13 Apr 2017 01:09
Last modified: 16 Mar 2024 05:09

Export record

Altmetrics

Contributors

Author: Madini, Obad Alassafi ORCID iD
Author: Raid, Khalid Hussein Hussein ORCID iD
Author: Gary Wills ORCID iD
Author: Ghada, Abdalaziz A Gashgari
Author: Robert Walters
Editor: V. Chang
Editor: M. Ramachandran
Editor: R. Walters
Editor: G. Wills

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×