Towards a framework for trustworthy data security level agreement in cloud procurement

Nugraha, Yudhistira; Martin, Andrew

doi:10.1016/j.cose.2021.102266

Cited by 9 publications

(2 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ISO 27001 and 27002: Forged by the International Organization for Standardization (ISO), ISO 27001 and 27002 stand as testaments to meticulous structure and comprehensive detail [23]. This framework offers a vast library of 114 controls, meticulously categorized and readily deployable [24]. These controls, encompassing best practices from access control to incident management, form an impenetrable barrier against common vulnerabilities.…”

Section: B Existing Cybersecurity Frameworkmentioning

confidence: 99%

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

AL-Hawamleh

2024

IJCDS

View full text Add to dashboard Cite

This study presents a comprehensive Cybersecurity Resilience Framework designed to fortify organizational defenses against the evolving landscape of cyber threats while enhancing business continuity. The aim is to provide businesses with a robust and adaptive strategy that extends beyond traditional cybersecurity paradigms. This study employs a methodology grounded in an extensive cybersecurity literature review to inform the conceptualization and iterative development of a resilient framework, integrating key elements from established sources and aligning with industry wisdom. By integrating governance and leadership principles, collaboration with external stakeholders, and continuous monitoring, the framework fosters a holistic approach to cyber resilience. Leveraging a behavioral perspective, the study explores human factors, user awareness, and decision-making processes, recognizing the critical role of organizational culture in fostering a cybersecurity-aware ethos. Findings reveal a roadmap that includes technology resilience, regular audits, and assessments, emphasizing evidence-based improvements. The framework addresses resource constraints, regulatory variability, and the dynamic threat landscape, promoting adaptability in the face of diverse organizational contexts. The significance of this study lies in its contribution to the ongoing evolution of cyber resilience strategies, offering organizations a practical guide to navigate the complexities of the digital realm. As businesses increasingly rely on interconnected technologies, this framework stands as a vital tool for enhancing security, safeguarding critical assets, and ensuring continuity in the face of an ever-changing cyber threat landscape.

show abstract

Section: B Existing Cybersecurity Frameworkmentioning

confidence: 99%

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

AL-Hawamleh

2024

IJCDS

View full text Add to dashboard Cite

show abstract

“…Individuals, on the other hand, benefit from sector-specific protections, but the variability in state laws can create challenges in understanding and asserting their rights. The regulatory landscape in the USA is dynamic, with ongoing discussions about the need for a federal privacy law that can provide a standardized and cohesive framework (Nugraha and Martin, 2021). Europe has taken a different approach to data protection with the General Data Protection Regulation (GDPR), a comprehensive and harmonized regulatory framework applicable across all European Union (EU) member states (Quinn and Malgieri, 2021).…”

Section: Regulatory Landscapementioning

confidence: 99%

A Comparative Review of Data Encryption Methods in the Usa and Europe

Akoh Atadoga,

Oluwatoyin Ajoke Farayola,

Benjamin Samson Ayinla

et al. 2024

Comput. sci. IT res. j.

View full text Add to dashboard Cite

Data encryption is a critical aspect of modern information security, and understanding the approaches taken by different regions is vital for a comprehensive analysis. In the United States and Europe, data encryption methods vary in implementation, legal frameworks, and overall priorities. In the United States, encryption methods are primarily governed by a combination of federal laws and industry standards. The National Institute of Standards and Technology (NIST) plays a central role in recommending cryptographic standards, while the Department of Commerce oversees export controls on encryption technology. The focus in the U.S. is on balancing national security needs with individual privacy rights. The tension between law enforcement's desire for access to encrypted data for criminal investigations and the right to privacy has sparked debates and legal battles. On the other hand, Europe has taken a more privacy-centric approach to data protection. The General Data Protection Regulation (GDPR) is a cornerstone in the European Union's efforts to safeguard individual privacy rights. GDPR mandates the use of encryption to protect personal data, and failure to implement adequate measures can result in hefty fines. European countries also emphasize the importance of end-to-end encryption in communication services to ensure confidentiality. Both regions prioritize encryption, but their approaches reflect different values and legal philosophies. The U.S. tends to navigate a delicate balance between national security and individual rights, while Europe places a stronger emphasis on the protection of personal data as a fundamental right. In terms of technological implementation, the encryption algorithms adopted in both regions are often aligned with global standards. Advanced Encryption Standard (AES) is widely accepted and implemented in various sectors. However, the choice of key management and the level of regulatory oversight differ, contributing to the nuanced landscape of data protection. In conclusion, a comparative review of data encryption methods in the USA and Europe reveals the complex interplay between security, privacy, and legal frameworks. Understanding these differences is crucial for multinational organizations and individuals navigating the intricate landscape of global data protection. Keywords: Data, Encryption, USA, Europe, Review.

show abstract

Information security and privacy challenges of cloud computing for government adoption: a systematic review

Ukeje,

Gutierrez,

Petrova

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Towards a framework for trustworthy data security level agreement in cloud procurement

Cited by 9 publications

References 37 publications

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

A Comparative Review of Data Encryption Methods in the Usa and Europe

Information security and privacy challenges of cloud computing for government adoption: a systematic review

Contact Info

Product

Resources

About