DOI: 10.5176/2251-2136_ICT-BDCS17.21

Authors: Kemmler, Bastian; Breuer, Marcel; Metzger, Stefan; Kranzlm├╝ller, Dieter


For cloud service providers the implementation and operation of an integrated cloud service and security management system are crucial for their success as a provider. While many providers already follow best-practices like ISO/IEC 20k and also attempt to comply with security management standards to some extent, operating those management systems in a non-integrated form is inefficient and costly. Therefore, we identified the differences between the two popular management system standards ISO/IEC 20k and ISO/IEC 27k. If a provider is already compliant with the standard ISO/IEC 20k, a list of additional requirements support such a provider in acquiring ISO/IEC 27k conformity. By mapping those requirements to often pre-existing applicable processes, each of those processes becomes a manageable fraction of the integrated management system.

Keywords: Cloud Security Management; Cloud Service Management;


Price: $0.00

Loading Updating cart...