IT Security Risk Management Model for Cloud Computing: a Need for a New Escalation Approach
2013 (English)In: International Journal of E-Entrepreneurship and Innovation, Vol. 4, no 4, 1-19 p.Article in journal (Refereed) Published
We combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework. With this combined framework we create a new approach to IT Security Risk Management where IT Security Risk Management is place at the strategic, tactical and operational levels of an organizational. In this paper we concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. We present a first draft to an IT Security Risk Escalation Capability Maturity Model based on ISACA´s Risk IT Framework. Finally we apply the approach to typical cloud computing environment as a first step to evaluate this new approach.
Place, publisher, year, edition, pages
IGI Global, 2013. Vol. 4, no 4, 1-19 p.
Cloud computing, IT security risk management, incident escalation, maturity models, IT security risk monitoring, IT security risk communication.
Research subject Computer and Systems Sciences
IdentifiersURN: urn:nbn:se:su:diva-114704DOI: 10.4018/ijeei.2013100101OAI: oai:DiVA.org:su-114704DiVA: diva2:793810