ISPC: An Information Security, Privacy, and Compliance Readiness Model for Cloud Computing Services

Fahad F Alruwaili, T. Aaron Gulliver

Abstract


Cloud computing services and their delivery model enable cloud customers to obtain convenient, on-demand provisioning of configurable information technology (IT) resources with minimal investment. Organizations seeking to dramatically reduce costs, increase the speed of software testing and development, and gain agility in adapting to changes are motivated to adopt this new approach to IT services based on a pay-as-you-use model. However, cloud-specific information security, privacy, and compliance (ISPC) risks are a serious concern when migrating to the cloud. In addition, a comprehensive methodology is lacking for assessing the readiness of cloud information security, privacy, and compliance programs. Therefore, we propose an ISPC readiness model for evaluating the readiness of an organization to effectively and efficiently counter cloud threats and address compliance violations. This model includes guidelines and tools to support ISPC readiness evaluation and optimization when migrating to or employing cloud computing services. It also incorporates our prior work on risk assessment of cloud assets via the systems security engineering capability maturity model (SSE-CMM).
