Building the Security Foundation to Embrace Public Software-as-a-Service (SaaS) - Security Policies for SaaS Data Protection

Yuyu Chou, Jan Oetting, Olga Levina

2012

Abstract

To mitigate the risk of confidentiality breaches when adopting public SaaS solutions, enterprises should build their security policies on a system of security awareness. This paper presents a systematic approach to developing such policies, covering the method and process used throughout the public SaaS system development life cycle, so that all employees have a well-grounded understanding of how to protect confidential data in the cloud.



Paper Citation


in Harvard Style

Chou Y., Oetting J. and Levina O. (2012). Building the Security Foundation to Embrace Public Software-as-a-Service (SaaS) - Security Policies for SaaS Data Protection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 227-232. DOI: 10.5220/0004024702270232


in Bibtex Style

@conference{secrypt12,
author={Yuyu Chou and Jan Oetting and Olga Levina},
title={Building the Security Foundation to Embrace Public Software-as-a-Service (SaaS) - Security Policies for SaaS Data Protection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={227-232},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004024702270232},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Building the Security Foundation to Embrace Public Software-as-a-Service (SaaS) - Security Policies for SaaS Data Protection
SN - 978-989-8565-24-2
AU - Chou Y.
AU - Oetting J.
AU - Levina O.
PY - 2012
SP - 227
EP - 232
DO - 10.5220/0004024702270232