Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE

As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud are concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess the needs and capacity of their incident responders before an incident occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp. 223-236, 201

Evaluating cost taxonomies for information systems management

The consideration of costs, benefits and risks underpin many Information System (IS) evaluation decisions. Yet, vendors and project-champions alike tend to identify and focus much of their effort on the benefits achievable from the adoption of new technology, as it is often not in the interest of key stakeholders to spend too much time considering the wider cost and risk implications of enterprise-wide technology adoptions. In identifying a void in the literature, the authors of the paper present a critical analysis of IS-cost taxonomies. In doing so, the authors establish that such cost taxonomies tend to be esoteric and difficult to operationalize, as they lack specifics in detail. Therefore, in developing a deeper understanding of IS-related costs, the authors position the need to identify, control and reduce IS-related costs within the information systems evaluation domain, through culminating and then synthesizing the literature into a frame of reference that supports the evaluation of information systems through a deeper understanding of IS-cost taxonomies. The paper then concludes by emphasizing that the total costs associated with IS-adoption can only be determined after having considered the multi-faceted dimensions of information system investments

Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model

A framework for identifying uncertainties in long-term digital preservation

With the current expansion in digital information comes an increasing need to preserve such assets. The ENSURE (Enabling knowledge Sustainability, Usability and Recovery for Economic value) pro-ject, a research project under the European Community's Seventh Framework Programme, is the par-ent project to this research area and its aim is to conduct advanced research to address the challenges of Long Term Digital Preservation (LTDP) to ensure the successful preservation, availability and ac-cessibility of preserved data in the future. Focusing on identifying uncertainties in the LTDP activities and their impact on cost and economic performance of digital preservation systems, this paper dis-cusses a framework to identify uncertainties in LTDP for business sectors interested