Developing a Conceptual Framework for Cloud Security Assurance

Postprin

Could the Outsourcing of Incident Response Management provide a Blueprint for Managing Other Cloud Security Requirements?

Postprin

The case for cloud service trustmarks and assurance-as-a-service

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing

Enhancing Cloud Security and Privacy : Broadening the Service Level Agreement

Postprin

D:A4.1 Socio-economic impact assessment

The executive summary ends with six concise recommendations for facilitating more accountability for data management in cloud ecosystems: 1. Provide a stronger legal base for and enforcement of data protection and accountable behavior; 2. Facilitate independent auditing of responsible data stewardship; 3. Increase public awareness of the need for accountability; 4. Balance existing information asymmetries via partnerships; 5. Focus on larger enterprises working in the public sector first, as these can serve as an example for other types of businesses; 6. Demonstrate how A4Cloud tools and mechanisms can be turned into a business model in order to encourage greater uptake and use

Towards a Data Governance Framework for Third Generation Platforms

The fourth industrial revolution considers data as a business asset and therefore this is placed as a central element of the software architecture (data as a service) that will support the horizontal and vertical digitalization of industrial processes. The large volume of data that the environment generates, its heterogeneity and complexity, as well as its reuse for later processes (e.g. analytics, IA) requires the adoption of policies, directives and standards for its right governance. Furthermore, the issues related to the use of resources in the cloud computing must be taken into account with the aim of meeting the requirements of performance and security of the different processes. This article, in the absence of frameworks adapted to this new architecture, proposes an initial schema for developing an effective data governance programme for third generation platforms, that means, a conceptual tool which guides organizations to define, design, develop and deploy services aligned with its vision and business goals in I4.0 era.This work is partially funded by Spanish Government through the research project TIN2017-86520-C3-3-R

Design Challenges for GDPR RegTech

The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations

The Importance of Proper Measurement for a Cloud Security Assurance Model

Postprin

Technology, governance, and a sustainability model for small and medium-sized towns in Europe

New and cutting-edge technologies causing deep changes in societies, playing the role of game modifiers, and having a significant impact on global markets in small and medium-sized towns in Europe (SMSTEs) are the focus of this research. In this context, an analysis was carried out to identify the main dimensions of a model for promoting innovation in SMSTEs. The literature review on the main dimensions boosting the innovation in SMSTEs and the methodological approach was the application of a survey directed to experts on this issue. The findings from the literature review reflect that technologies, governance, and sustainability dimensions are enablers of SMSTEs’ innovation, and based on the results of the survey, a model was implemented to boost innovation, being this the major add-on of this research.info:eu-repo/semantics/publishedVersio