Welcome to the InfoSci Platform
A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

Azadeh Alebrahim, Denis Hatebur, Stephan Fassbender, Ludger Goeke, Isabelle Côté
Copyright: © 2015 |Pages: 18
ISBN13: 9781466684737|ISBN10: 1466684739|EISBN13: 9781466684744
DOI: 10.4018/978-1-4666-8473-7.ch037
Cite Chapter Cite Chapter

MLA

Alebrahim, Azadeh, et al. "A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems." Transportation Systems and Engineering: Concepts, Methodologies, Tools, and Applications, edited by Information Resources Management Association, IGI Global, 2015, pp. 730-747. https://doi.org/10.4018/978-1-4666-8473-7.ch037

APA

Alebrahim, A., Hatebur, D., Fassbender, S., Goeke, L., & Côté, I. (2015). A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems. In I. Management Association (Ed.), Transportation Systems and Engineering: Concepts, Methodologies, Tools, and Applications (pp. 730-747). IGI Global. https://doi.org/10.4018/978-1-4666-8473-7.ch037

Chicago

Alebrahim, Azadeh, et al. "A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems." In Transportation Systems and Engineering: Concepts, Methodologies, Tools, and Applications, edited by Information Resources Management Association, 730-747. Hershey, PA: IGI Global, 2015. https://doi.org/10.4018/978-1-4666-8473-7.ch037

Export Reference

Mendeley
Favorite

Abstract

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.