Abstract
Third party services are an alternative to in-house ICT production and widely engaged. But the use of such industrialized and standardized ICT services, especially cloud computing, seems to conflict with underlying principles of risk management and security. A schema for the classification of service delivery models is introduced to realize the situation. Sourcing is a rather linear sequence of actions, whereas risk management is highly recurring and iterative. In an adapted process user organisations will not decode every specific security control since that is no longer appropriate in industrialised ICT production markets. Users will concentrate on rating the vendor (“who”) and assessing the service (“what”). Then special issues (“how”) are considered. Detailed guidance is given for these three steps. In this paper an adapted approach to user risk management is described. By this means users can get the most out of novel ICT provisioning models.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Gary Stoneburner, Alice Goguen, Alexis Feringa: Risk Management Guide for Information Technology Systems; NIST Special Publications 800–30
ISO/IEC 27005 – Information technology – Security techniques – Information security risk management
Eberhard von Faber: Auslagerung von IT-Services: Klassifikation und Risikomodell, Leitlinien für Anwender im “global sourcing”; BSM Anwender 201, Schriftenreihe: The Bulleting Security Management, ISSN 1869–2125, Herausgeber: Eberhard von Faber und Friedrich-L. Holl, Bezug: www.security-management.de
Eberhard von Faber: Cloud-Computing - Die Sicherheit im Fokus; it-management 4/2010, ISSN 0945–9650, S. 60–64
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
von Faber, E., Pauly, M. (2011). User Risk Management Strategies and Models – Adaption for Cloud Computing. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2010 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9788-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9788-6_8
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-1438-8
Online ISBN: 978-3-8348-9788-6
eBook Packages: EngineeringEngineering (R0)