IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach
2013 (English)Conference paper (Refereed)
We combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework and we claim that IT Security Risk Management framework exist at each organizational levels. In this paper we concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. We present a first draft to an IT Security Risk Escalation Capability Maturity Model based on ISACA´s Risk IT Framework. Finally we will use our approach in a cloud computing environment as we believe that it is necessary to react fast on incident and therefore a need to have a well-documented and communicated monitoring and escalation processes between different organizational levels.
Place, publisher, year, edition, pages
The Society of Digital Information and Wireless Communications (SDIWC) , 2013. 56-68 p.
Cloud Computing, IT Security Risk Management, Incident Escalation, Maturity Models, IT Security Risk Monitoring, IT Security Risk Communication
Research subject Computer and Systems Sciences
IdentifiersURN: urn:nbn:se:su:diva-97736ISBN: 978-0-9891305-1-6OAI: oai:DiVA.org:su-97736DiVA: diva2:679966
The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC 2013), Dubai, UAE, October 23-25, 2013