Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal
- PDF / 3,554,779 Bytes
- 16 Pages / 595.276 x 790.866 pts Page_size
- 78 Downloads / 171 Views
REVIEW
Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal Najat Tissir1,2 · Said El Kafhali3
· Noureddine Aboutabit1,2
Received: 28 April 2020 / Accepted: 30 September 2020 © Springer Nature Switzerland AG 2020
Abstract Cloud Computing is an emerging paradigm that is based on the concept of distributed computing. Its definition is related to the use of computer resources which are offered as a service. As with any novel technology, Cloud Computing is subject to security threats, vulnerabilities, and attacks. Recently, the studies on security impact include the interaction of software, people and services on the Internet and that is called cyber-security or cyberspace security. In spite of various studies, we still fail to define the needs of cybersecurity management in Cloud Computing. This paper principally focuses on a comprehensive study of Cloud Computing concerns, security, cybersecurity differences, ISO, and NIST standards. It aims at identifying the policies and the guidelines included in these standards as well as it provides a comprehensive Framework proposal to manage and prevent cyber risks in Cloud Computing taking into consideration the ISO 27,032, ISO 27,001, ISO 27,017 and NIST cybersecurity Framework CSF. In addition to that, our study pinpoints at the criteria that concern measuring the maturity of organizations that implement the framework. Our objective is to provide guidance to organizations on how to establish their proper approach of cybersecurity risk management in Cloud Computing or to complement their ‘already have’ processes. Keywords Cloud computing · Cybersecurity · Cybersecurity management · NIST CSF · ISO 27K
1 Introduction The origin of ideas related to Cloud Computing can be traced back to around the 1950s. This generation was marked by the concept of mainframe Time-Sharing. Before, the ‘Sneakernet’ was the primary means of collaboration and sharing. Around the 50 s, the second coming of Cloud Computing came with the creation of ‘service bureaus’ and ‘time-sharing’ systems due to limited computing resources
B
Said El Kafhali [email protected] Najat Tissir [email protected] Noureddine Aboutabit [email protected]
1
Process Engineering, Computer Science and Mathematics Laboratory, National School of Applied Sciences, Sultan Moulay Slimane University, 25000 Khouribga, Morocco
2
Sultan Moulay Slimane University, Beni Mellal, Morocco
3
Hassan First University of Settat, Faculty of Sciences and Techniques, Computer, Networks, Mobility and Modeling Laboratory: IR2M, 26000 Settat, Morocco
[1]. Therefore, the idea was to ‘time-share’ a single central computer that permits multiple users to communicate with a central mainframe site where all computation was done. Around the time of 1970s and after that data and programs were mostly located in local resources, the virtualization was launched. It permitted users to surpass the time-sharing limitations and run more than one operating system simultaneously on one phy
Data Loading...
