Skip to main content
SpringerLink
Log in

User Risk Management Strategies and Models – Adaption for Cloud Computing

  • Chapter
ISSE 2010 Securing Electronic Business Processes

Abstract

Third party services are an alternative to in-house ICT production and widely engaged. But the use of such industrialized and standardized ICT services, especially cloud computing, seems to conflict with underlying principles of risk management and security. A schema for the classification of service delivery models is introduced to realize the situation. Sourcing is a rather linear sequence of actions, whereas risk management is highly recurring and iterative. In an adapted process user organisations will not decode every specific security control since that is no longer appropriate in industrialised ICT production markets. Users will concentrate on rating the vendor (“who”) and assessing the service (“what”). Then special issues (“how”) are considered. Detailed guidance is given for these three steps. In this paper an adapted approach to user risk management is described. By this means users can get the most out of novel ICT provisioning models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  • Gary Stoneburner, Alice Goguen, Alexis Feringa: Risk Management Guide for Information Technology Systems; NIST Special Publications 800–30

    Google Scholar 

  • ISO/IEC 27005 – Information technology – Security techniques – Information security risk management

    Google Scholar 

  • Eberhard von Faber: Auslagerung von IT-Services: Klassifikation und Risikomodell, Leitlinien für Anwender im “global sourcing”; BSM Anwender 201, Schriftenreihe: The Bulleting Security Management, ISSN 1869–2125, Herausgeber: Eberhard von Faber und Friedrich-L. Holl, Bezug: www.security-management.de

  • Eberhard von Faber: Cloud-Computing - Die Sicherheit im Fokus; it-management 4/2010, ISSN 0945–9650, S. 60–64

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. T-Systems, Bonn

    Eberhard von Faber

  2. Brandenburg University of Applied Science, Brandenburg

    Eberhard von Faber

  3. T-Systems, Bonn

    Michael Pauly

Authors
  1. Eberhard von Faber
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Pauly
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Internet-Security, Gelsenkirchen University of Applied Sciences, Gelsenkirchen

    Norbert Pohlmann

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH

About this chapter

Cite this chapter

von Faber, E., Pauly, M. (2011). User Risk Management Strategies and Models – Adaption for Cloud Computing. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2010 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9788-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-8348-9788-6_8

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-1438-8

  • Online ISBN: 978-3-8348-9788-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation