Building Customer Trust in Cloud Computing with an ICT-Enabled Global Regulatory Body. Mohssen Mohammed, Sakib Pathan.


Outline
– Overview of ICMCCP
– The Constitution of ICMCCP
– Cloud Computing Issues
– ICMCCP Architecture
– ICMCCP Certificate Giving Procedure
– Conclusion

Overview of ICMCCP
– International Center for Monitoring Cloud Computing Providers (ICMCCP).
– ICMCCP is established on an idea somewhat like that of a central bank.
– It would be a global entity, not limited to a local scope.
– A headquarters (HQ) for the ICMCCP will be placed in one of the countries of the world.
– Several branches would then cover the entire globe, with at least one branch in each country.
– All these branches will follow the HQ of the ICMCCP for any kind of policy that is employed centrally.
– All branches and the HQ will be connected in one computer network.

Overview of ICMCCP Cont.
– Each Cloud Provider (CP) in a particular country would then be connected with the ICMCCP branch in that country/location.
– The HQ of the ICMCCP, all ICMCCP branches, and all CPs in the world will be connected in one world-wide network.
– A practical constraint is that no CP can be forced to join the ICMCCP, but once it is established, customers will trust only the CPs that are connected to and certified by the ICMCCP.
– ICMCCP is supposed to be a non-profit organization, and the funds required to run it could be generated from the CPs.

The Constitution of ICMCCP
– ICMCCP would have a constitution or a set of fundamental principles.
– In the process of writing the constitution, experts in the fields of Cloud computing, networking, communications, law, banking, and policy making will be involved.
– The constitution should reflect the customers’ aspirations as well.
– This would ensure that the customers know how the ICMCCP can protect their data and provide guaranteed and secure services.
– The constitution should clearly state what legal actions would be taken if a Cloud provider breaches user privacy.

The Constitution of ICMCCP Cont.
– An example to illustrate the need for a constitution: let us consider that a country establishes a Cloud Provider (CP) just for political reasons. The name given to this CP is Global Cloud Provider (GCP).
– It appears to the customers to be a private CP, but it has been made for other purposes.
– The ICMCCP will make a good effort to discover the nature of each CP by using technical programs and employing manual security techniques.
– If the ICMCCP discovers a deceitful CP, it will blacklist that CP and bring a legal case to court.
– After that, the ICMCCP will announce to all branches that the GCP (as in this example) is not a legitimate provider.

Cloud Computing Issues
– Cloud computing has two major issues:
  (a) Lack of trust.
  (b) Attacks against Cloud servers.
– Our work is basically concerned with the first issue, i.e., point (a), which is establishing user trust.
– As presented before, establishing the ICMCCP could handle this issue well.

ICMCCP Architecture
– As understood by now, ICMCCP has mainly two parts: a constitutional part and a technical part.
– The technical part has a significant role in making ICMCCP secure by using the newest reliable technologies.
– We have mentioned before that the headquarters of the ICMCCP, all ICMCCP branches, and all CPs in the world will be connected in one network.
– Hence, new software could be developed for monitoring all CPs that are enlisted with the ICMCCP.
– Let us call this software Tracing Cloud Computing Provider (TCCP).

ICMCCP Architecture Cont.
– This software will be installed in the HQ of the ICMCCP, in all ICMCCP branches, and in all CPs.
– The TCCP will keep monitoring any interaction with each CP in the world, and all recorded interactions would be archived in the local branches to be provided to the HQ for audit and verification.
– Periodically, the ICMCCP will analyze the data collected by the TCCP to see whether there is any form of irregularity in accessing the CPs.

ICMCCP Architecture Cont.
[Figure] Fig. 1. The ICMCCP Architecture for TCCP

ICMCCP Certificate Giving Procedure
– Let us assume that there is a Cloud provider called First Trusted Cloud Provider (FTCP). FTCP wants to get the ICMCCP certificate.
– To obtain a certificate from ICMCCP, the following steps would be followed:
  – Step 1. First, the FTCP will send a letter to the headquarters of the ICMCCP stating that it needs an ICMCCP certificate. The letter should include introductory information about FTCP with enough history about the company, such as when the company was launched, why it was established, …etc. Then, the ICMCCP HQ will study these documents well before moving to the next step.
  – Step 2. A technical team from the HQ would be sent to the applicant’s company to assess the FTCP systems, devices, security tools, etc.
– All companies that want an ICMCCP certificate must satisfy the minimum requirements set by ICMCCP.

ICMCCP Certificate Giving Procedure Cont.
– To make the task of assessment easier, ICMCCP could have country representatives and technical teams formed from local experts (who are certified and qualified professionals).
– Once the technical team clears the CP’s (here, FTCP’s) technical strength, the certificate will be awarded.
– In case of a negative recommendation from the technical team, the ICMCCP HQ will give the FTCP some conditions to satisfy within a specified time period.
– The certificate will be available only if the conditions are successfully addressed; otherwise, the application will be rejected.
– We should mention that the certificate given by the ICMCCP HQ has a limited period of validity, for instance 1 year, 2 years, 3 years, 5 years, or so.
– After expiration of the certificate (or before the due date), renewal must be done by the company.

Conclusion
– We suggest the ICMCCP as a professional and regulatory association for the advancement of the cloud computing field.
– While this work is exploratory in nature, examining the possibility and scope of thinking along these lines to establish the ICMCCP, there would be many other technical and practical constraints raised by experts that need to be solved in the future.
– Hence, our work opens the door to many different discussions and directions of research; almost all topics would be open.