Cloud computing is definitely an forthcoming paradigm which provides huge benefits in economical aspects, for example decreased time and energy to market, flexible computing capabilities, and unlimited processing potential. To make use of the full potential of cloud computing, info is transmitted, processed and stored by external cloud providers. Having said that, data owners are quite hesitant to put their data outside their very own control sphere. This particular dissertation talks about to which degree this skepticism is justified, by introducing the Cloud Computing Confidentiality Framework (CCCF). The CCCF is a step-by-step framework that produces mapping from data sensitivity onto the most appropriate cloud computing architecture. To make this happen, the CCCF determines first of all the security mechanisms needed for each data sensitivity level, secondly which of these security controls might not be supported in a few computing environments, and ultimately which solutions could be used to deal with the identified security limitations of cloud computing….
Contents: Cloud Computing & Confidentiality
1 Introduction
1.1 Research motivation and objectives
1.2 Research questions
1.3 Research scope
1.4 Capgemini
1.5 Thesis structure
2 Background
2.1 Cloud key characteristics
2.2 Cloud service models
2.3 Cloud deployment models
2.4 Cloud security issues
3 Research methodology
3.1 Orientation
3.2 Literature review
3.3 Design & specification of the framework
4 Literature review
4.1 Top ranked journal selection
4.2 Selection criteria
4.3 Search engine selection
4.4 Keyword selection and search query construction
4.5 Search results
4.6 Literature analysis
4.6.1 Data protection concept
4.6.2 Data location concept
4.6.3 System task concept
4.7 Literature review conclusion
5 Towards an extended risk management framework
5.1 Literature dimensions
5.1.1 System tasks dimension
5.1.2 Data location dimension
5.1.3 Data protection dimension
5.2 Present-day information security practices
5.2.1 Risk management
MSc. Thesis Guido Kok 5 | Page
5.3 Extending the risk management framework
6 The Cloud Computing Confidentiality Framework
6.1 Identify business and information system goals and objectives
6.2 Business impact analysis
6.3 Data & system classification
6.3.1 Classification step 1: Identify information types
6.3.2 Classification step 2: Select Provisional Impact Levels
6.3.3 Classification step 3: Review provisional impact levels, adjust and finalize
6.3.4 Classification step 4: Assign system security category
6.3.5 Documenting the security categorization process
6.4 System security control selection
6.4.1 Selecting the initial security control baseline
6.4.2 Tailoring the security control baseline
6.4.3 Supplementing the tailored security controls
6.5 Cloud control limitations
6.5.1 Baseline security control limitations
6.5.2 Optional security control limitations
6.5.3 Three general security limitations
6.6 Cloud security solutions
7 Framework validation
7.1 Validation approach
7.2 First round of validation
7.3 Second round of validation
7.4 Final round of validation
8 Conclusions and further work….
Source: University of Twente
Download URL 2: Visit Now