A holistic approach to cloud security certification.
Record type: Bibliographic - electronic resource : Monograph/item
Title proper/Author: A holistic approach to cloud security certification./
Author: Hale, Matthew Loutrelle.
Extent: 266 p.
Notes: Source: Dissertation Abstracts International, Volume: 75-12(E), Section: B.
Contained By: Dissertation Abstracts International 75-12B(E).
Subject: Computer Science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3632209
ISBN: 9781321114881
Thesis (Ph.D.)--The University of Tulsa, 2014.
This item must not be sold to any third party vendors.
LDR :03870nmm a2200313 4500
001 2057749
005 20150619125627.5
008 170521s2014 ||||||||||||||||| ||eng d
020 $a 9781321114881
035 $a (MiAaPQ)AAI3632209
035 $a AAI3632209
040 $a MiAaPQ $c MiAaPQ
100 1 $a Hale, Matthew Loutrelle. $3 3171631
245 1 2 $a A holistic approach to cloud security certification.
300 $a 266 p.
500 $a Source: Dissertation Abstracts International, Volume: 75-12(E), Section: B.
500 $a Adviser: Rose Gamble.
502 $a Thesis (Ph.D.)--The University of Tulsa, 2014.
506 $a This item must not be sold to any third party vendors.
520 $a Companies and government organizations are increasingly compelled, if not required by law, to ensure that their information systems will comply with various federal and industry regulatory standards, such as the Health Insurance Portability and Accountability Act (HIPAA), the NIST Special Publication on Security Controls for Federal Information Systems (NIST SP-800-53), or the Common Criteria (ISO 15408-2). Such organizations operate business or mission critical systems where a lack of or lapse in security protections translates to serious confidentiality, integrity, and availability risks that, if exploited, could result in information disclosure, loss of money, or, at worst, loss of life. To mitigate these risks and ensure that their information systems meet regulatory standards, organizations must be able to a) contextualize regulatory documents in a way that extracts the relevant technical implications for their systems, b) formally represent their systems and demonstrate that they meet the extracted requirements following an accreditation process, and c) ensure that all third party systems, which may exist outside of the information system enclave as third-party web services in the cloud, also implement appropriate security measures consistent with organizational expectations.
520 $a Each part of this process has specific challenges associated with it. First, regulatory documents, originally designed with locally managed "in house" information systems in mind, are being interpreted and scaled to a cloud context without the formal underpinnings necessary for their common expression. Second, current system certification processes rely on a static system model that is not realistic for organizational systems on the cloud. Finally, organizations using third party web services cannot assess their regulatory compliance. They can neither inspect third party service designs nor replace a trusted service if it goes down, since there is no current method to assess vertical security compatibility. To resolve these issues, this work advocates a common expression methodology that consistently extracts technical requirements from regulatory documents in a way that is amenable to the cloud and facilitates both contextualization and reuse by other organizations following the same regulatory standard. A new formal design language, called Cloud X-UNITY, extends existing coordination language models to allow for reasoning over extracted regulatory requirements to prove a cloud's compliance with security expectations. Finally, a Service Level Agreement framework, called SecAgreement, and two accompanying matchmaking algorithms are developed for attaching compliance requirements and risk analysis information to cloud web services and automatically selecting the service that best meets consumer compliance requirements. Overall the combination forms a single compliance assessment approach.
590 $a School code: 0236.
650 4 $a Computer Science. $3 626642
650 4 $a Information Technology. $3 1030799
650 4 $a Engineering, Computer. $3 1669061
690 $a 0984
690 $a 0489
690 $a 0464
710 2 $a The University of Tulsa. $b Computer Science. $3 3171632
773 0 $t Dissertation Abstracts International $g 75-12B(E).
790 $a 0236
791 $a Ph.D.
792 $a 2014
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3632209
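Holdings
Barcode: W9290253
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Use type: General use (Normal)
Loan status: On shelf
Hold status: 0
Notes:
Attachments: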