Securing Cloud Computing Through IT Governance

Faizi, Salman M.; Rahman, Shawon S. M.

doi:10.2139/ssrn.3360869

Cited by 3 publications

(4 citation statements)

References 37 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…K. Brandis et al developed a framework to show the effect of using standards in cloud computing in mitigating risks according to five aspects which are legal, organizational, technical, cultural, and financial in order to use the cloud without risk in these aspects [25]. S. M. Faizi et al divided cloud computing security domains into storage, software, network security, trust management, Internet and services, compliance, legal, and virtualization [26]. M. Al-Ruithe et al provided a strategy for determining the critical success factors (CSF) in implementing cloud services that include (1) organizational (defining the responsibilities, business, and IT alignment), ( 2) technological (automation of data integration life-cycle, having data metrics), (3) strategic points of control, (4) training and awareness of data stakeholders, and ( 5) monitoring the compliance [27].…”

Section: Concerns In Cloud Computingmentioning

confidence: 99%

“…Thus, in this step, CC's auditor will define all risks that relate to these layers. Risk areas are categorized into eight domains (storage, software, network security, trust management, Internet services, compliance, legal, and virtualization) [26]. So determining risks must cover these domains in the CSP's side.…”

Section: Proposed Frameworkmentioning

confidence: 99%

“…Also, in case of using SaaS, CC may have risk areas to control. Examples of covering missing controls in CSP's side are if CSP does not provide data encryption or data redundancy in many sites.Step(10) Determine needed controls: Auditor determines controls that must be applied in CC side to avoid the risk areas in CC's side according to the risks determined to cover all security domains[26] in CC's side. In previous step examples, the CC's auditor must recommend encrypting data before sending to CSP's side.…”

mentioning

confidence: 99%

See 2 more Smart Citations

IS Risks Governance for Cloud Computing Service

Gamal

Helal

Mazen

et al. 2021

Digital Transformation Technology

View full text Add to dashboard Cite

Cloud computing services have become important to IS/IT recently. Cloud service providers (CSPs) support different types of cloud computing services (Infrastructure as a Service, Platform as a Service, and Software as a Service). There are many challenges and concerns in using cloud computing services that may cause many risks. These risks need addressing while using cloud computing. CSPs provide procedures in order to control risk areas while providing their services. There are many studies that assess risks in cloud computing services. They provide evaluation tools and/or frameworks to manage the risk in cloud computing services. Moreover, IS/IT governance is one of the most powerful ways to achieve IS/IT business alignment. The main goals of IS/IT governance are to ensure that the investments in IS/IT generate business values and to mitigate the risks associated with IS/IT. Even though there are various risks in cloud computing services, there is no comprehensive framework to support risk assessment according to user's needs. In this paper, we aim to provide a conceptual framework for governance in cloud computing services. This framework will focus on cloud client (CC) requirements to achieve the governance.

show abstract

Section: Concerns In Cloud Computingmentioning

confidence: 99%

Section: Proposed Frameworkmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

IS Risks Governance for Cloud Computing Service

Gamal

Helal

Mazen

et al. 2021

Digital Transformation Technology

View full text Add to dashboard Cite

show abstract

“…In recent multiple case studies conducted to assess the scope and depth of cybersecurity risk [26] and threat communications delivered to an extremely vulnerable patient population, semistructured interviews were held with cardiac medical device specialists across the United States. These cardiac medical devices experts were intimately involved in the care and patient safety of cardiac implantable electronic devices (CIED) patients who used home monitoring systems to connect their implantable cardioverter-defibrillator (ICD) and pacemaker (PM) devices, typically through the cloud [23], to their physician's offices or device clinic. The case study examined the question: How are the cybersecurity risks [30] and threats related to wireless implanted medical devices being communicated to patients who have or will have these devices implanted in their bodies?…”

Section: Introductionmentioning

confidence: 99%

Exploring Challenges and Opportunities in Cybersecurity Risk and Threat Communications Related to the Medical Internet of Things (MIOT)

Jackson¹,

Rahman²

2019

IJNSA

View full text Add to dashboard Cite

As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare, there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes to scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications.

show abstract