Due to the considerable advantages of cloud computing, such as cost efficiency, flexibility, and scalability, the technology has transformed the means of IT service provisioning. To realize the proclaimed benefits, critical infrastructure providers, as the backbone of societal life, increasingly deploy their IT services, processes, and functions in cloud environments. However, as the control over the underlying cloud infrastructure and the corresponding security measures is delegated to the cloud provider, the outsourcing to cloud environments exposes critical infrastructures to security risks. This is especially crucial since critical infrastructures highly rely on IT systems for dependable service provisioning. In addition, each cloud deployment is afflicted with individual risks depending on the selected cloud service and deployment model. Due to the strict requirements and regulations regarding the IT security of their landscapes, the management of IT security risks related to the adoption of cloud services is of significant importance for critical infrastructures. Thus, the objective of this thesis is to examine the IT security risk management of cloud services in critical infrastructures. For this purpose, frameworks, conceptual models, prototypical tools, action recommendations, and implications are developed. Besides the investigation of the status quo of cloud computing service adoption in German critical infrastructures, implications and methods for an adequate management of IT security and the corresponding risks resulting from the adoption of cloud computing services are derived. Further, in the context of the interaction between critical infrastructure and cloud computing service providers, the role of trust is examined. In addition, frameworks and prototypes for a tool support for the IT security risk management of cloud services in critical infrastructures are developed. As an underlying analytical framework, a multi-method approach is chosen to examine the field from a behavioral- as well as a design-oriented perspective by applying various qualitative and quantitative research methods. The results of this dissertation can support decision makers and researchers in the field of the IT security risk management of cloud computing services in critical infrastructures.
| Identifer | oai:union.ndltd.org:uni-osnabrueck.de/oai:repositorium.ub.uni-osnabrueck.de:urn:nbn:de:gbv:700-202002272637 |
| Date | 27 February 2020 |
| Creators | Adelmeyer, Michael |
| Contributors | Prof. Dr. Frank Teuteberg, Prof. Dr. Oliver Thomas |
| Source Sets | Universität Osnabrück |
| Language | English |
| Detected Language | English |
| Type | doc-type:doctoralThesis |
| Format | application/pdf, application/zip |
| Rights | Attribution-NonCommercial-NoDerivs 3.0 Germany, http://creativecommons.org/licenses/by-nc-nd/3.0/de/ |
Page generated in 0.0021 seconds