Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model. It is increasingly attracting
huge attention both in academic research and industrial initiatives. Cloud
deployments are paramount for institutions and organizations of all scales. The
availability of a flexible, free open source cloud platform designed with no
proprietary software and the ability of its integration with legacy systems and
third-party applications are fundamental. OpenStack is a free and open-source
software released under the terms of Apache license with a fragmented and
distributed architecture making it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack Multi-node cloud infrastructure and conducting
Penetration testing on OpenStack Services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution.
Comment: 38 pages, 19 figures
MEASURING AND INDICATING THE LEVEL OF INFORMATION SECURITY – AN ANALYSIS OF CURRENT APPROACHES
In times of increasing digitalization of processes in companies, the topic of information security has become relevant for every industry. For this, a standardization of information security with normative standards such as ISO/IEC 27001:2022 has been established to define requirements and to assess at regular intervals the conformity of the management systems. However, practice shows that companies are fulfilling the requirements only at a minimum level and don’t have a real overview of their security level and the impact of existing risks. This paper evaluates how decision makers in companies currently interpret their security level using metrics. Regarding this, the relationship with effectiveness and conformity of their information security measures is shown and analyzed. Furthermore, in this paper a selection of the most commonly used practices and frameworks for measuring and certifying information security systems has been analyzed. The results of this research show that there is a need for an overall security perspective and include a proposal on how a structured approach should be defined.
A Comparison between Business Process Management and Information Security Management
Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing environment is likely to affect business process flow, while redesigning a business process will most certainly have security implications. Hence, in this paper, we investigate the similarities and differences between Business Process Management (BPM) and Information Security Management (ISM), and explore the obstacles and opportunities for integrating the two concepts. We compare three levels of abstraction common for both approaches: top-level implementation strategies, organizational risk views & associated tasks, and domains. With some minor differences, the comparison shows that there is a strong similarity in the implementation strategies, organizational views and tasks of both methods. The domain comparison shows that ISM maps to the BPM domains; however, some of the BPM domains have only limited support in ISM.