11,956 research outputs found

    A guide to implementing cloud services

    The Australian Government’s policy on cloud computing is that agencies may choose to use cloud computing services where they provide value for money and adequate security, as stated in the April 2011 Australian Government Cloud Computing Strategic Direction Paper (the Strategic Direction Paper). Readers new to cloud computing should read the Strategic Direction Paper, which provides an introduction to cloud computing, a definition and an overview of its associated risks and benefits as they apply to Australian Government agencies. The guide supports the Strategic Direction Paper and provides an overarching risk-based approach for agencies to develop an organisational cloud strategy and implement cloud-based services. It is designed as an aid for experienced business strategists, architects, project managers, business analysts and IT staff to realise the benefits of cloud computing technology while managing risks

    CERN openlab Whitepaper on Future IT Challenges in Scientific Research

    This whitepaper describes the major IT challenges in scientific research at CERN and several other European and international research laboratories and projects. Each challenge is exemplified through a set of concrete use cases drawn from the requirements of large-scale scientific programs. The paper is based on contributions from many researchers and IT experts of the participating laboratories and also input from the existing CERN openlab industrial sponsors. The views expressed in this document are those of the individual contributors and do not necessarily reflect the view of their organisations and/or affiliates

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Information Security Requirements for B2B SaaS Providers

    To gain a competitive advantage, companies are continuously more willing to collaborate with other companies and share information between them (Karlsson et al. 2015). Outsourcing is a viable option for many companies offering cost savings and improving efficiency, however, it does not come without risks to information security (Khidzir et al. 2010). Due to the current business environment of interorganisational collaboration, new threats are emerging in the space of information security. Collaborating with other companies introduces new threats by creating possibilities for non-compliant behaviour, intrusion, and exposure. (Goodman and Ramer 2014.) Therefore, organisations must now rely on partners to ensure information security is upheld on an interorganisational level (Karlsson et al. 2015). Within the field of information technology, cloud computing has grown to become one of the most dominant computing paradigms in recent years. According to some estimations, by 2024, more than 45 percent of companies’ IT spending will consist of cloud computing solutions. (Gartner, 2019.) The reason for cloud computing’s rapid increase in popularity is due to its promise of bringing down costs while delivering the same, and potentially more, functionalities as traditional information technology (Marston et al. 2011). However, information security concerns can be seen as one of the biggest challenges that the cloud computing paradigm must overcome for it to reach its full potential (Tipton et al. 2012). Therefore, in this increasingly connected and digital business environment, a fundamental challenge for companies is to meet information security requirements (Gordon et al. 2010). Organisations must adhere to both standard and organisation-specific information security guidelines to meet these requirements (Thalmann et al. 2012). Managing security in companies both providing and consuming services is no longer limited to internal services, systems, and infrastructure. 
Furthermore, companies providing services to other parties must also consider the requirements of their customers. (Currie et al. 2001.) I am conducting this research for a SaaS company, SoftCo, which operates in the enterprise software industry. The aim of this research was to understand what the most common information security requirements are for SaaS companies by analysing the customer questionnaires regarding information security of the subject organisation SoftCo. These findings are gathered into an artifact which includes the most important information security themes and questions from the analysed companies. This study was conducted as a qualitative study using document analysis to gather the data for identifying the information security themes. Additionally, I have evaluated the produced artifact according to the design science research method process by Peffers et al. (2007) where I compared the information security themes with the ISO/IEC 27001 standard for information security management. In this study I was able to determine 24 different information security themes that were important to customers of SoftCo and also show which of these themes were of most importance according to the questionnaires. Based on these three themes, I identified three areas of information security which were highlighted in the questionnaires: the shift of administrative control from the customer to the service provider, ensuring business continuity and protection against external threats, and concerns regarding auditability and compliance of the service provided

    Framework for Security Transparency in Cloud Computing

    The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. 
In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. 
Feedback is collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

    Supply chain transformation programme : prospectus


    Report on the evaluation of surveillance systems relevant to zoonotic diseases in Kenya, 2015: A basis for design of an integrated human–livestock surveillance system

    The Zoonoses in Livestock in Kenya (ZooLinK) is a project that seeks to enable Kenya to develop an effective surveillance programme for zoonotic diseases (infectious diseases transmissible between animals and human beings). The surveillance programme will be integrated across both human and animal health sectors. To achieve this goal the project will work in close collaboration with Kenyan government departments responsible for animal and human health. As a prelude to the start of the project, an evaluation of the existing surveillance systems for human and animal health was carried out. The evaluation focused on the national surveillance system and the systems at the western part of Kenya (Busia county, Kakamega county and Bungoma county) where the initial programme will be developed. In conducting the evaluation the investigators used key informant interviews, focused group discussion participant questionnaires, audio recordings and observation for data collection. Data analysis for the qualitative data focused on generating themes or theory around the responses obtained in the key informant interviews and focused group discussions. Univariate analysis was performed by use of simple proportions in calculation for surveillance system attributes like sensitivity, completeness, PVP and timeliness for the human health surveillance systems. The findings of the evaluation revealed that there was poor linkage between animal health surveillance and the human health surveillance systems. None of the systems had surveillance structures dedicated to zoonotic diseases. Most practitioners used clinical signs for diagnosis of diseases with little reference to acceptable case definitions. Laboratory diagnosis in animal health services focused more on suspected notifiable diseases as opposed to being a standard operating procedure for diagnosis. 
In human health services, the health care facilities that had a laboratory within the facility conducted laboratory diagnosis for cases referred by the clinicians. However, some clinicians preferred using clinical signs for diagnosis to avoid the wait or turn-around time in the laboratory. For effective surveillance of zoonoses to be realized it would be advisable to establish surveillance structures specific to zoonoses and the necessary resources allocated to the surveillance activities. In addition, an integrated approach that incorporated both human and animal disease surveillance should be employed in the surveillance of zoonoses

    Attribute Based Encryption for Secure Data Access in Cloud

    Cloud computing is a progressive computing worldview, which empowers adaptable, on-request, and ease use of Information Technology assets. However, the information transmitted to some cloud servers, and various protection concerns are arising out of it. Different plans given the property-based encryption have been proposed to secure the Cloud Storage. In any case, most work spotlights on the information substance security and the get to control, while less consideration towards the benefit control and the character protection. In this paper, a semi-anonymous benefit control conspires AnonyControl to address the information protection, as well as the client character security in existing access control plans. AnonyControl decentralizes the central authority to restrain the character spillage and accordingly accomplishes semi-anonymity. Furthermore, it likewise sums up the document get to control to the benefit control, by which advantages of all operations on the cloud information managed in a fine-grained way. Along these lines, display the AnonyControl-F, which ultimately keeps the character spillage and accomplish the full secrecy. Our security assessment demonstrates that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie-Hellman presumption, and our execution assessment shows the attainability of our plans. Index Terms: Anonymity, multi-authority, attribute-based encryption

    Data management support pack

    This pack is designed to help you produce high quality, reusable and open data from your research activities. It consists of documents, templates and videos covering the different aspects of data management and ranging from the overarching concepts and strategies through to the day-to-day activities. For each of the videos in the pack we have included a transcript of the narrative. The Data Management Support Pack was created to support the implementation of the CCAFS Data Management strategy