Security assurance assessment methodology for hybrid clouds

The emergence of the cloud computing paradigm has altered the delivery models for ICT services. Unfortunately, the widespread use of the cloud has a cost, in terms of reduced transparency and control over a user's information and services. In addition, there are a number of well-understood security and privacy challenges that are specific to this environment. These drawbacks are particularly problematic to operators of critical information infrastructures that want to leverage the benefits of cloud. To improve transparency and provide assurances that measures are in place to ensure security, novel approaches to security evaluation are needed. To evaluate the security of services that are deployed in the cloud requires an evaluation of complex multi-layered systems and services, including their interdependencies. This is a challenging task that involves significant effort, in terms of both computational and human resources. With these challenges in mind, we propose a novel security assessment methodology for analysing the security of critical services that are deployed in cloud environments. Our methodology offers flexibility, in that tailored policy-driven security assessments can be defined based on a user's requirements, relevant standards, policies, and guidelines. We have implemented and evaluated a system that supports online assessments using our methodology, which acquires and processes large volumes of security-related data without affecting the performance of the services in a cloud environment

Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud

A high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.SECCRI

Towards Resilience Metrics for Future Cloud Applications

An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably,new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities andattack vectors. In this paper, we investigate and analyse technological and security trends and their potentialto become future threats by systematically examining industry reports on existing technologies. Using a cloudcomputing use case we identify potential resilience metrics that can shed light on the security properties of thesystem.SECCRIT - Secure Cloud Computing for Critical Infrastructure I

Security assurance assessment methodology for hybrid clouds

The emergence of the cloud computing paradigm has altered the delivery models for ICT services. Unfortunately, the widespread use of the cloud has a cost, in terms of reduced transparency and control over a user's information and services. In addition, there are a number of well-understood security and privacy challenges that are specific to this environment. These drawbacks are particularly problematic to operators of critical information infrastructures that want to leverage the benefits of cloud. To improve transparency and provide assurances that measures are in place to ensure security, novel approaches to security evaluation are needed. To evaluate the security of services that are deployed in the cloud requires an evaluation of complex multi-layered systems and services, including their interdependencies. This is a challenging task that involves significant effort, in terms of both computational and human resources. With these challenges in mind, we propose a novel security assessment methodology for analysing the security of critical services that are deployed in cloud environments. Our methodology offers flexibility, in that tailored policy-driven security assessments can be defined based on a user's requirements, relevant standards, policies, and guidelines. We have implemented and evaluated a system that supports online assessments using our methodology, which acquires and processes large volumes of security-related data without affecting the performance of the services in a cloud environment

2017 ESC Guidelines for the management of acute myocardial infarction in patients presenting with ST-segment elevation: The Task Force for the management of acute myocardial infarction in patients presenting with ST-segment elevation of the European Society of Cardiology (ESC).

The ESC Guidelines represent the views of the ESC and were produced after careful consideration of the scientific and medical knowledge and the evidence available at the time of their publication. The ESC is not responsible in the event of any contradiction, discrepancy and/or ambiguity between the ESC Guidelines and any other official recommendations or guidelines issued by the relevant public health authorities, in particular in relation to good use of healthcare or therapeutic strategies. Health professionals are encouraged to take the ESC Guidelines fully into account when exercising their clinical judgment, as well as in the determination and the implementation of preventive, diagnostic or therapeutic medical strategies; however, the ESC Guidelines do not override, in any way whatsoever, the individual responsibility of health professionals to make appropriate and accurate decisions in consideration of each patient's health condition and in consultation with that patient and, where appropriate and/or necessary, the patient's caregiver. Nor do the ESC Guidelines exempt health professionals from taking into full and careful consideration the relevant official updated recommendations or guidelines issued by the competent public health authorities, in order to manage each patient's case in light of the scientifically accepted data pursuant to their respective ethical and professional obligations. It is also the health professional's responsibility to verify the applicable rules and regulations relating to drugs and medical devices at the time of prescription