Cybersecurity compliance analysis as a service: Requirements specification and application scenarios. (25th August 2017)
- Record Type:
- Journal Article
- Title:
- Cybersecurity compliance analysis as a service: Requirements specification and application scenarios. (25th August 2017)
- Main Title:
- Cybersecurity compliance analysis as a service: Requirements specification and application scenarios
- Authors:
- Furfaro, Angelo
Gallo, Teresa
Garro, Alfredo
Saccà, Domenico
Tundis, Andrea - Other Names:
- Delgado Olabarriaga Sílvia guestEditor.
Krefting Dagmar guestEditor.
Glatard Tristan guestEditor.
Zbakh Mostapha guestEditor.
Bakhouya Mohamed guestEditor.
Essaaidi Mohamed guestEditor.
Manneback Pierre guestEditor. - Abstract:
- Summary: Cybersecurity compliance analysis is the process of assessing whether the behavior of an IT system or application conforms to the cybersecurity rules and regulations in force. This assessment can be offered as a service by exploiting available cloud technologies, and, indeed, it is one of the services classified by the Cloud Security Alliance (CSA) as part of the security information and event management (SIEM) category of the SecaaS (security as a service) domain. The definition and implementation of this typology of cloud services are challenging activities due to the complexity of both the reference business domain and the compliance analysis services to be provided themselves. The paper exploits a recently proposed requirements methodology, called GOReM (goal‐oriented requirements methodology), to support the conceptualization and subsequent implementation of cybersecurity compliance analysis services. In particular, two different application scenarios regarding compliance analysis of an existing or under development IT system/application are presented and discussed. In both the scenarios, GOReM allows to grasp and understand the many and complex issues to address for providing secure cloud services to worldwide customers, also due to the numerous, different and ever changing legal aspects, which have to be taken into account by service providers.
- Is Part Of:
- Concurrency and computation. Volume 30:Number 12(2018)
- Journal:
- Concurrency and computation
- Issue:
- Volume 30:Number 12(2018)
- Issue Display:
- Volume 30, Issue 12 (2018)
- Year:
- 2018
- Volume:
- 30
- Issue:
- 12
- Issue Sort Value:
- 2018-0030-0012-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2017-08-25
- Subjects:
- cloud computing -- compliance analysis -- cybersecurity -- goal‐oriented methodology -- requirements engineering -- SecaaS
Parallel processing (Electronic computers) -- Periodicals
Parallel computers -- Periodicals
004.35 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/cpe.4289 ↗
- Languages:
- English
- ISSNs:
- 1532-0626
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3405.622000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 6769.xml