Information Security Guidelines for Organizations Intending to Adopt Cloudsourcing

Annamalai, Neelambari

January 2012

Change is constant and computing paradigm is no exception. It has witnessed major shifts right from centralized client server systems to widely distributed systems. This time the locus of change in the computing paradigm is moving towards virtualization, paving way to cloud computing. Cloud computing aims at providing computing services to its users as an utility. It allows its authenticated users to access a wide range of highly scalable computing capabilities and services via the internet on a pay-per-usage basis. Organisations not only view these benefits as cost-saving strategies, but also aim at improving the competitive advantages using cloud computing. Hence, this has given rise to a new horizon in IT/IS outsourcing. With a collaboration of cloud computing and outsourcing emerged a new concept called cloudsourcing. Cloudsourcing can be termed as the next generation outsourcing and the next phase of cloud computing promising benefits from both the areas. Cloudsourcing is outsourcing traditional business via the cloud infrastructure. Though there is pompous popularity surrounding this new technology, there is much hesitation in adopting it due to the inherent security issues. This paper discusses in detail the security issues and possible solution to the same. As this is a new concept, not much work is identified to be done in providing a set of guidelines to adopt cloudsourcing that are very specific to information security. This work intends to fill this aperture by building a set of well-defined information security guidelines, which can be termed as a novel. For this purpose, design science research method proposed by Hevner et al is used so as to accomplish this goal. Initially, a literature study is done after which an exploratory study comprising of interviews is done to gather qualitative data. The results of the exploratory interview is tested for correctness and evaluated based on an evaluation study comprising a survey based questionnaire. The analysis of the evaluation study results provides the final results. In such an attempt, the identified countermeasures to risks are classified into three groups namely, organisational, technical and regulatory and compliance guidelines. Hence the end results constituting the set of information security guidelines are classified into the above mentioned groups. This work is assumed to contribute to our understanding of information security in cloudsourcing and in supporting IT decision makers, IT project managers and security executives of organisations for a smooth and secure transition towards cloudsourcing their business.

Cloud computing

outsourcing

cloudsourcing

information security risks

Engineering and Technology

Teknik och teknologier

Informační bezpečnost v malém podniku / Information Security in Small Business

Priesnitz, Pavel

January 2014

The aim of this master‘s thesis is the description of the information security implementation into a specific small business. The theoretical part of the paper summarizes the information of related standards and methods. The analytical part describes the process, information and ICT enviroment of a particular organization. The third part of this thesis focuses on a risk analysis and choosing and deployment the relevant controls and their objectives for ISMS implementation.

Zavedení managementu informační bezpečnosti v malém podniku / The Implementation of Information Security Management System in the Small Company

Radvanský, Martin

January 2011

This diploma thesis deals with methods of management of information security in the small company. The thesis is divided into two main parts. The first part of this thesis is focused on theoretical aspects of information security and contains description of standards ČSN ISO/IEC 27000:2006. The practical part of this work is about the project of implementation of the information security management system in the small company. The implementation is divided into three separate parts with the first part of implementation being described in detail.