Exploring Information Security Governance in Cloud Computing Organisation

Hemlata Gangwar (National Institute of Industrial Engineering (NITIE), Mumbai, India) and Hema Date (National Institute of Industrial Engineering (NITIE), Mumbai, India)
DOI: 10.4018/ijamse.2015010104

Abstract

The paper reveals factors impacting information security governance within cloud computing technology implementation in organizations. A case study methodology was used, and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main components identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management, and access control and identity management. The results show that awareness through education and training of employees needs to be given particular attention in cloud computing security. The interviews do not include any end-user perspective, so this end-user context is missing. Companies need to focus on awareness through education and training of employees. Moreover, management and employee support is the critical component of effective information security governance framework implementation. Organisations should also develop their information security using a precise and detailed planning process that ensures the right cloud computing acceptance by users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, minimizes risk, and cultivates an acceptable level of information security culture.
Article Preview

2. Conceptual Framework

ISG is defined as the organization’s management responsibilities and practices that provide strategic vision, ensure objectives are achieved, manage risks appropriately, use organizational resources responsibly, and monitor the success or failure of the information security programs (Abu-Musa, 2010). Governance in information security is related to establishment and maintenance of the control environment that manages risks related to confidentiality, integrity and availability of information and its supporting processes and systems (Moulton and Cole, 2003).

This study introduces an integrated ISG framework (Figure 1) that would enable organizations to better understand, analyze, implement, and evaluate ISG practices to achieve business success. The proposed ISG framework has been developed based on the ISG conceptual framework proposed by Da Vega and Eloff (2007) and other ISG models and frameworks available in the literature (von Solms and von Solms, 2006; Ula et al., 2011; Abu-Musa, 2010; von Solms, 2005; Miller et al., 2009; von Solms and von Solms, 2005; Gerber & von Solms, 2001; Tudor, 2001).
