The CCM framework consists of 11 Control Areas that are important to measure, especially when comparing different cloud provider offerings.

Presentation transcript:

Measuring Cloud Providers' Transparency: Application of the Goal Question Metric Approach to the "Cloud Controls Matrix" Framework
Mohammed Almanea; Supervisor: Prof. John Fitzgerald

Introduction
Cloud computing aims to give companies the ability to use tremendous capacity instantly, without investing in new infrastructure, training new employees or buying software licences. Despite the potential benefits of adopting the cloud computing model, it has opened new challenges, such as a lack of transparency. Transparent security can be defined as "appropriate disclosure of the governance aspects of security design, policies, and practices" [2]. It has been argued that transparency is improving; the issue is the lack of independent tools that measure the transparency of cloud providers.

Cloud Controls Matrix
The Cloud Security Alliance developed the Cloud Controls Matrix (CCM) to encourage transparency in the cloud. It is based on a set of questions that cloud customers or auditors can ask cloud providers before migrating to the cloud, for example (source: Cloud Security Alliance):
- What vulnerabilities exist in my cloud configuration?
- What audit events have occurred in my cloud configuration?
- Who has access to my data now?
- Where are my data and processing being performed?
Cloud providers submit their responses to these questions in the CAIQ (Consensus Assessments Initiative Questionnaire).

Aim of the Study
The aim is to augment the CSA framework to address three issues: (1) assessing the trustworthiness of cloud providers, (2) measuring their level of transparency using the Goal Question Metric (GQM) approach, and (3) checking whether the existing framework has helped cloud customers make better-informed decisions about migrating to the cloud.

Goal Question Metric Approach [1]
GQM architecture: each Goal (Goal 1, Goal 2, ...) is refined into Questions, and each Question is answered by Metrics. The CCM framework consists of 11 Control Areas that are important to measure, especially when comparing different cloud provider offerings. The method works as follows:
- Conceptual level: the CCM Control Areas are defined as the Goals.
- Operational level: the CAIQ questions are placed as the Questions.
- Quantitative level: Metrics are defined in order to measure cloud providers' compliance with the Cloud Controls Matrix.

Applying GQM on CCM+
Goals: G01: Compliance; G05: Information Security.
Questions: Q-CO-1.1, Q-CO-1.2, Q-CO-1.3 (under G01); Q-IS-5.1, Q-IS-5.2 (under G05).
Metrics: M-CO-1.1.1, M-CO-1.2.2, M-IS-5.1.1 (further metric identifiers are truncated in the transcript).

Workflow of the augmented framework
[Figure: workflow diagram with cloud providers CP¹..CPⁿ, cloud customers CC¹..CCⁿ, profiles Profile¹..Profileⁿ, a threshold that yields the trustworthiness level (High, Moderate, Low) and transparency scores T¹..Tⁿ; labelled boxes: Registration, Validating Profile, Computing Profile Scores, Score, Assess CP's, Write CAIQ Responses, View, Create; steps numbered (1) to (7).]
-[1] Cloud providers register in order to create a fine-grained history profile.
-[2] The cloud providers' profile is validated.
-[3] A score is computed for the cloud providers' profile.
-[4] A threshold value determines the trustworthiness level (High, Moderate or Low) based on the score.
-[5] Cloud providers are then eligible to write their responses to the CAIQ questionnaire, and their transparency (T) is measured.
-[6] Cloud customers can view, evaluate and compare the different cloud providers' transparency.

The augmented framework will answer these questions:
- How can the cloud customer assess the trustworthiness of the cloud providers?
- How can the cloud customer measure the cloud provider's level of transparency?
- How can we measure the privacy risk score when CSPs disclose sensitive information?
- How effective is the framework? Has it helped customers make better-informed decisions? Does the framework suit all the different types of cloud customers?

Transparency Comparison
Transparency score per control area for five cloud providers (CP1 to CP5):

Control area            CP1   CP2   CP3   CP4   CP5
Compliance              32%   37%   50%   25%   80%
Data Governance         45%   35%   70%   55%   70%
Facility Security       15%   37%   55%   75%   -
HR Security             56%   70%   30%   65%   -
Information Security    70%   25%   43%   45%   80%
Legal                   30%   42%   39%   67%   91%
Operations Management   48%   60%   45%   75%   40%
Risk Management         80%   87%   77%   65%   70%
Release Management      10%   35%   54%   55%   34%
Resiliency              37%   60%   76%   35%   85%
Security Architecture   70%   50%   55%   75%   90%
(one value each in the Facility Security and HR Security rows is missing from the transcript)

Profile trustworthiness level:

Provider   Profile score   Level
CP1        40%             LOW
CP2        50%             MOD
CP3        65%             MOD
CP4        67%             MOD
CP5        80%             HIGH

Conclusions
It has been argued that transparency is improving, and there is more emphasis on the need for tools to measure the transparency of cloud service providers. The study aims to consolidate the existing transparency framework developed by the Cloud Security Alliance by adding features that provide methods for measuring cloud providers' transparency. A tool will be developed that lets cloud customers and providers experiment with the augmented CCM, and it will be evaluated against the existing one. More importantly, the study will establish whether the framework has helped cloud customers make better-informed decisions.

References
[1] Basili, V. R., Caldiera, G. and Rombach, H. D., "The Goal Question Metric Approach", in Encyclopedia of Software Engineering, Wiley.
[2] Sun Microsystems, "Building Customer Trust in Cloud Computing with Transparent Security", White Paper.
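A worked example of the scoring the poster describes, added here and not the poster's own code: a minimal GQM tree using the poster's identifier scheme (G01, Q-CO-1.1, M-CO-1.1.1), a transparency score per control area computed from CAIQ responses, and the threshold mapping to a trustworthiness level. The metric identifiers marked as assumed, the 50%/80% cut-offs and the sample responses are assumptions, not values from the poster.

```python
from dataclasses import dataclass

@dataclass
class Goal:                 # one CCM control area, e.g. G01 Compliance
    gid: str
    name: str
    questions: dict         # question id -> list of metric ids

# GQM tree for two of the 11 control areas, using the poster's identifiers;
# metric ids marked "assumed" are not on the poster.
CCM_PLUS = {
    "G01": Goal("G01", "Compliance", {
        "Q-CO-1.1": ["M-CO-1.1.1"],
        "Q-CO-1.2": ["M-CO-1.2.1", "M-CO-1.2.2"],   # M-CO-1.2.1 assumed
        "Q-CO-1.3": ["M-CO-1.3.1"],                  # assumed
    }),
    "G05": Goal("G05", "Information Security", {
        "Q-IS-5.1": ["M-IS-5.1.1"],
        "Q-IS-5.2": ["M-IS-5.2.1"],                  # assumed
    }),
}

def transparency_score(goal: Goal, responses: dict) -> int:
    """Percentage of the goal's metrics that a provider's CAIQ responses satisfy.
    A metric with no response counts as not disclosed: silence is what the
    framework wants to surface, so it lowers the score rather than being skipped."""
    metrics = [m for ms in goal.questions.values() for m in ms]
    satisfied = sum(1 for m in metrics if responses.get(m) is True)
    return round(100 * satisfied / len(metrics))

def trustworthiness_level(profile_score: int, low: int = 50, high: int = 80) -> str:
    """Map a profile score to HIGH / MODERATE / LOW. The two cut-offs are an
    assumption consistent with the poster's table (40% LOW ... 80% HIGH)."""
    if profile_score >= high:
        return "HIGH"
    return "MODERATE" if profile_score >= low else "LOW"

def compare_providers(all_responses: dict) -> dict:
    """Per-provider, per-control-area scores that a customer can compare."""
    return {cp: {g.name: transparency_score(g, r) for g in CCM_PLUS.values()}
            for cp, r in all_responses.items()}

# Constructed CAIQ responses for two providers (True = control disclosed).
SAMPLE = {
    "CP1": {"M-CO-1.1.1": True, "M-CO-1.2.1": False, "M-CO-1.2.2": True,
            "M-CO-1.3.1": False, "M-IS-5.1.1": True, "M-IS-5.2.1": True},
    "CP2": {"M-CO-1.1.1": True, "M-CO-1.2.1": True, "M-CO-1.2.2": True,
            "M-CO-1.3.1": True, "M-IS-5.1.1": False},   # M-IS-5.2.1 unanswered
}
```

Calling compare_providers(SAMPLE) gives CP1 Compliance 50% and Information Security 100%, and CP2 Compliance 100% and Information Security 0%, so a customer sees that CP2's full compliance disclosure says nothing about its silence on information security.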