ISPC: An Information Security, Privacy, and Compliance Readiness Model for Cloud Computing Services

Authors

  • Fahad F Alruwaili, Shaqra University, Saudi Arabia, and Electrical and Computer Engineering, Faculty of Engineering, Dept. of Electrical & Computer Engineering, University of Victoria, P.O. Box 1700 STN CSC, Victoria, BC, CANADA V8W 2Y2
  • T. Aaron Gulliver, Faculty of Engineering, Dept. of Electrical & Computer Engineering, University of Victoria, P.O. Box 1700 STN CSC, Victoria, BC, CANADA V8W 2Y2

Abstract

Cloud computing services and their delivery model enable cloud customers to obtain convenient, on-demand provisioning of configurable information technology (IT) resources with minimal investment. Organizations seeking to dramatically reduce costs, increase the speed of software testing and development, and gain agility in adapting to changes are motivated to adopt this new approach to IT services based on a pay-as-you-use model. However, cloud-specific information security, privacy, and compliance (ISPC) risks are a serious concern when migrating to the cloud. In addition, a comprehensive methodology is lacking for assessing the readiness of cloud information security, privacy, and compliance programs. Therefore, we propose an ISPC readiness model for evaluating the readiness of an organization to effectively and efficiently counter cloud threats and address compliance violations. This model includes guidelines and tools to support ISPC readiness evaluation and optimization when migrating to or employing cloud computing services. It also incorporates our prior work on risk assessment of cloud assets via the systems security engineering capability maturity model (SSE-CMM).

Author Biographies

  • Fahad F Alruwaili, Shaqra University Saudi Arabia and Electrical and Computer Engineering Faculty of Engineering Dept. of Electrical & Computer Engineering University of Victoria P.O. Box 1700 STN CSC Victoria, BC CANADA V8W 2Y2

    Fahad Alruwaili is a faculty member and academic advisor in the computer science department at the University of Shaqra, Saudi Arabia. He freelances and works as an information security and computer networks consultant with over six years of practical and administrative experience. He earned his BS degree in Computer Engineering from King Fahd University of Petroleum and Minerals, Saudi Arabia, in 2002. In 2008, he achieved his MS degree in Computer, Information, and Network Security with first class honor from DePaul University, Chicago, USA. In 2011, he received his second MS in Information Systems and Technology from Claremont Graduate University, Los Angeles, USA. He is currently working on his Ph.D. at the University of Victoria in Canada.

    To have access to my work and competencies, please visit my LinkedIn page

    http://www.linkedin.com/in/fahadalruwaili

  • T. Aaron Gulliver, Faculty of Engineering Dept. of Electrical & Computer Engineering University of Victoria P.O. Box 1700 STN CSC Victoria, BC CANADA V8W 2Y2

    T. Aaron Gulliver received the B.Sc.(Eng.) and M.Sc.(Eng.) degrees in Electrical Engineering from the University of New Brunswick, Fredericton, New Brunswick, in 1982 and 1984, respectively, and the Ph.D. degree in Electrical Engineering from the University of Victoria in 1989.

    From 1989 to 1991 he was employed as a Defence Scientist at Defence Research Establishment Ottawa, Ottawa, Ontario, where he was primarily involved in research on frequency hop satellite communications.

    From 1990 to 1991 he was an Adjunct Research Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa. In 1991, he joined the department as an Assistant Professor, and was promoted to Associate Professor in 1995. From 1996 to 1999 he was a Senior Lecturer in the Department of Electrical and Electronic Engineering at the University of Canterbury, Christchurch, New Zealand. He is now a Professor in the Department of Electrical and Computer Engineering at the University of Victoria.

    He was registration chair for the 1995 IEEE International Symposium on Information Theory which was held in Whistler, BC, Canada. In 2001, 2005, 2007, 2009 and 2011 he was the co-chair of the IEEE Pacific Rim Conference on Communications, Computers and Signal Processing. He was also the co-chair of the 2003 Information Theory Workshop held in Paris. He has been on the organizing committees of numerous other international conferences.

    From 2000 to 2003, he was Secretary and a member of the Board of Governors of the IEEE Information Theory Society.

    He is a Senior Member of the Institute of Electrical and Electronic Engineers and a member of the Association of Professional Engineers and Geoscientists of British Columbia, Canada.

    He is the author or co-author of over 500 published papers.

    In 2000, he was awarded a Research Fellowship by the British Columbia Advanced Systems Institute.

    In 2002, he was made a Fellow of the Engineering Institute of Canada. In 2012, he was made a Fellow of the Canadian Academy of Engineering.

    His research interests include algebraic coding theory, information theory, cryptography, design and construction of error correcting codes, decoding and implementation of error correcting codes, soft decision decoding of block codes, turbo codes and iterative decoding, error control coding for computer memories, ultra-wideband and spread spectrum communication systems, mobile and personal communications, OFDM, smart grid and green communications.

Published

2014-11-30