User Risk Management Strategies and Models – Adaption for Cloud Computing
Third party services are an alternative to in-house ICT production and widely engaged. But the use of such industrialized and standardized ICT services, especially cloud computing, seems to conflict with underlying principles of risk management and security. A schema for the classification of service delivery models is introduced to realize the situation. Sourcing is a rather linear sequence of actions, whereas risk management is highly recurring and iterative. In an adapted process user organisations will not decode every specific security control since that is no longer appropriate in industrialised ICT production markets. Users will concentrate on rating the vendor (“who”) and assessing the service (“what”). Then special issues (“how”) are considered. Detailed guidance is given for these three steps. In this paper an adapted approach to user risk management is described. By this means users can get the most out of novel ICT provisioning models.
KeywordsService Provider Risk Management Cloud Computing Service Model Public Cloud
Unable to display preview. Download preview PDF.
- Gary Stoneburner, Alice Goguen, Alexis Feringa: Risk Management Guide for Information Technology Systems; NIST Special Publications 800–30Google Scholar
- ISO/IEC 27005 – Information technology – Security techniques – Information security risk managementGoogle Scholar
- Eberhard von Faber: Auslagerung von IT-Services: Klassifikation und Risikomodell, Leitlinien für Anwender im “global sourcing”; BSM Anwender 201, Schriftenreihe: The Bulleting Security Management, ISSN 1869–2125, Herausgeber: Eberhard von Faber und Friedrich-L. Holl, Bezug: www.security-management.de
- Eberhard von Faber: Cloud-Computing - Die Sicherheit im Fokus; it-management 4/2010, ISSN 0945–9650, S. 60–64Google Scholar