Cloud security auditing: Challenges and emerging approaches

Jungwoo Ryoo; Syed Rizvi; William Aiken; John Kissell

doi:10.1109/MSP.2013.132

Cloud security auditing: Challenges and emerging approaches

Jungwoo Ryoo, Syed Rizvi, William Aiken, John Kissell

Division of Business, Engineering, and Information Sciences & Technology (Altoona)

Research output: Contribution to journal › Article › peer-review

50 Scopus citations

Abstract

IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

Original language	English (US)
Article number	6662349
Pages (from-to)	68-74
Number of pages	7
Journal	IEEE Security and Privacy
Volume	12
Issue number	6
DOIs	https://doi.org/10.1109/MSP.2013.132
State	Published - Nov 1 2014

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Access to Document

10.1109/MSP.2013.132

Cite this

@article{3aac1d90ef0347c0878276325a0da30d,

title = "Cloud security auditing: Challenges and emerging approaches",

abstract = "IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.",

author = "Jungwoo Ryoo and Syed Rizvi and William Aiken and John Kissell",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.",

year = "2014",

month = nov,

day = "1",

doi = "10.1109/MSP.2013.132",

language = "English (US)",

volume = "12",

pages = "68--74",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "6",

}

TY - JOUR

T1 - Cloud security auditing

T2 - Challenges and emerging approaches

AU - Ryoo, Jungwoo

AU - Rizvi, Syed

AU - Aiken, William

AU - Kissell, John

PY - 2014/11/1

Y1 - 2014/11/1

N2 - IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

AB - IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

UR - http://www.scopus.com/inward/record.url?scp=84921373513&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84921373513&partnerID=8YFLogxK

U2 - 10.1109/MSP.2013.132

DO - 10.1109/MSP.2013.132

M3 - Article

AN - SCOPUS:84921373513

SN - 1540-7993

VL - 12

SP - 68

EP - 74

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 6

M1 - 6662349

ER -

Cloud security auditing: Challenges and emerging approaches

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this