A reestruturação do trabalho docente: precarização e flexibilização

Context: Cloud computing is a thriving paradigm that supports an efficient way to provide IT services by introducing on-demand services and flexible computing resources. However, significant adoption of cloud services is being hindered by security issues that are inherent to this new paradigm. In previous work, we have proposed ISGcloud, a security governance framework to tackle cloud security matters in a comprehensive manner whilst being aligned with an enterprise's strategy. Objective: Although a significant body of literature has started to build up related to security aspects of cloud computing, the literature fails to report on evidence and real applications of security governance frameworks designed for cloud computing environments. This paper introduces a detailed application of ISGCloud into a real life case study of a Spanish public organisation, which utilizes a cloud storage service in a critical security deployment. Method: The empirical evaluation has followed a formal process, which includes the definition of research questions previously to the framework's application. We describe ISGcloud process and attempt to answer these questions gathering results through direct observation and from interviews with related personnel. Results: The novelty of the paper is twofold: on the one hand, it presents one of the first applications, in the literature, of a cloud security governance framework to a real-life case study along with an empirical evaluation of the framework that proves its validity; on the other hand, it demonstrates the usefulness of the framework and its impact to the organisation. Conclusion: As discussed on the paper, the application of ISGCloud has resulted in the organisation in question achieving its security governance objectives, minimizing the security risks of its storage service and increasing security awareness among its users.

show abstract

Security Analysis in the Migration to Cloud Environments

Rosado

Gómez²,

Mellado³

et al. 2012

Future Internet

View full text Add to dashboard Cite

Cloud computing is a new paradigm that combines several computing concepts and technologies of the Internet creating a platform for more agile and cost-effective business applications and IT infrastructure. The adoption of Cloud computing has been increasing for some time and the maturity of the market is steadily growing. Security is the question most consistently raised as consumers look to move their data and applications to the cloud. We justify the importance and motivation of security in the migration of legacy systems and we carry out an analysis of different approaches related to security in migration processes to cloud with the aim of finding the needs, concerns, requirements, aspects, opportunities and benefits of security in the migration process of legacy systems

show abstract

Applying a Security Requirements Engineering Process

Mellado¹,

Fernández‐Medina

Piattini

2006

View full text Add to dashboard Cite

Abstract. Nowadays, security solutions are mainly focused on providing security defences, instead of solving one of the main reasons for security problems that refers to an appropriate Information Systems (IS) design. In fact, requirements engineering often neglects enough attention to security concerns. In this paper it will be presented a case study of our proposal, called SREP (Security Requirements Engineering Process), which is a standard-centred process and a reuse-based approach which deals with the security requirements at the earlier stages of software development in a systematic and intuitive way by providing a security resources repository and by integrating the Common Criteria into the software development lifecycle. In brief, a case study is shown in this paper demonstrating how the security requirements for a security critical IS can be obtained in a guided and systematic way by applying SREP.

show abstract

Security requirements engineering framework for software product lines

Mellado¹,

Fernández‐Medina

Piattini

2010

Information and Software Technology

View full text Add to dashboard Cite

ISGcloud: a Security Governance Framework for Cloud Computing

Rebollo¹,

Mellado²,

Fernandez-Medina

2014

The Computer Journal

View full text Add to dashboard Cite

Towards security requirements management for software product lines: A security domain requirements engineering process

Mellado¹,

Fernández‐Medina

Piattini

2008

Computer Standards & Interfaces

View full text Add to dashboard Cite

12 3 4

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Daniel Mellado

A common criteria based security requirements engineering process for the development of secure information systems

A systematic review of security requirements engineering

Empirical evaluation of a cloud computing information security governance framework

Security Analysis in the Migration to Cloud Environments

Applying a Security Requirements Engineering Process

Security requirements engineering framework for software product lines

ISGcloud: a Security Governance Framework for Cloud Computing

Towards security requirements management for software product lines: A security domain requirements engineering process

Contact Info

Product

Resources

About