Compliance with standards, assurance and audit

Duncan, Bob; Whittington, Mark

doi:10.1145/2659651.2659711

Cited by 26 publications

(28 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There is not a complete cloud security standard because cloud technology is evolving far faster than standards [53]. Therefore, creating a set of security domains just based on the current security standards is not adequate to take into account emerging issues and attack surfaces.…”

Section: Cscmm Domainsmentioning

confidence: 99%

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Le¹,

Hoang²

2017

SCPE

View full text Add to dashboard Cite

Abstract. Cyber space is affecting all areas of our life. Cloud computing is the cutting-edge technology of this cyber space and has established itself as one of the most important resources sharing technologies for future on-demand services and infrastructures that support Internet of Things (IOTs), big data platforms and software-defined systems/services. More than ever, security is vital for cloud environment. There exist several cloud security models and standards dealing with emerging cloud security threats. However, these models are mostly reactive rather than proactive and they do not provide adequate measures to assess the overall security status of a cloud system. Out of existing models, capability maturity models, which have been used by many organizations, offer a realistic approach to address these problems using management by security domains and security assessment on maturity levels. The aim of the paper is twofold: first, it provides a review of cyber space, cyber security, cloud security models and standards, cyber security capability maturity models and security metrics; second, it proposes a cloud security capability maturity model (CSCMM) that extends existing cyber security models with a security metric framework. CSCMM aims to present a credible overall security assessment of a cloud system to senior managers and to enable security experts to predict and identify necessary security measures.

show abstract

Section: Cscmm Domainsmentioning

confidence: 99%

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Le¹,

Hoang²

2017

SCPE

View full text Add to dashboard Cite

show abstract

“…Since the evolution of cloud computing, a number of cloud security standards have evolved, but there is still no standard which offers complete security, which is a limitation. Even compliance with all standards will not guarantee complete security, which, presents another disadvantage (Duncan and Whittington, 2014).…”

Section: The Challengesmentioning

confidence: 99%

“…We have argued that companies need to take account of these gaps in the standards when addressing issues of compliance. In (Duncan and Whittington, 2014), we have addressed the question of whether compliance with standards, assurance and audit can provide security, and in (Duncan and Whittington, 2015d), we have addressed one of the fundamental weaknesses of the standards compliance process.…”

Section: The Challengesmentioning

confidence: 99%

See 1 more Smart Citation

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Duncan

Whittington

Jaatun

et al. 2017

Enterprise Security

Self Cite

View full text Add to dashboard Cite

Abstract. In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with the concept of using proper measurement for a cloud security assurance model. We demonstrate how this approach can be applied, not only to the approach under review, but how it may be applied to address other cloud security requirements.

show abstract

“…The approach on this problem is often by using technical means alone frequently being expressed as policies authorising some action. But the business architecture of an enterprise comprises people, process and technology [PWC, 2012], not technology alone, thus such solutions are generally doomed to failure, as suggested by [Duncan et al, 2013][ Duncan and Whittington, 2014] [Duncan and Whittington, 2015d] [Duncan and Whittington, 2015b], who note such approaches ignore the impact of people and process on security.…”

Section: Introductionmentioning

confidence: 99%

Anomaly Detection for Soft Security in Cloud based Auditing of Accounting Systems

Neovius

Duncan²

2017

Proceedings of the 7th International Conference on Cloud Computing and Services Science

Self Cite

View full text Add to dashboard Cite

Abstract:Achieving information security in the cloud is not a trivial exercise. When the systems involved are accounting software systems, this becomes much more challenging in the cloud, due both to the systems architecture in use, the challenges of proper configuration, and to the multiplicity of attacks that can be made against such systems. A particular issue for accounting systems concerns maintaining a proper audit trail in order that an adequate level of audit may be carried out on the accounting records contained in the system. In this paper we discuss the implications of the traditional approach to such systems and propose a complementary soft security solution relying on detecting behavioural anomalies by evidence theory. The contribution is in conceptualising the anomalies and providing a somewhat theoretical solution for a difficult and challenging problem. The proposed solution is applicable within any domain consisting of rigorous processes and risk of tampering or data exfiltration, such as the cloud based accounting systems.

show abstract

Compliance with standards, assurance and audit

Cited by 26 publications

References 14 publications

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?

Anomaly Detection for Soft Security in Cloud based Auditing of Accounting Systems

Contact Info

Product

Resources

About