Authors: Kemmler, Bastian; Breuer, Marcel; Metzger, Stefan; Kranzlmüller, Dieter
For cloud service providers, the implementation and operation of an integrated cloud service and security management system are crucial for their success as a provider. While many providers already follow best practices like ISO/IEC 20k and also attempt to comply with security management standards to some extent, operating those management systems in a non-integrated form is inefficient and costly. Therefore, we identified the differences between the two popular management system standards ISO/IEC 20k and ISO/IEC 27k. If a provider is already compliant with the standard ISO/IEC 20k, a list of additional requirements supports such a provider in acquiring ISO/IEC 27k conformity. By mapping those requirements to often pre-existing applicable processes, each of those processes becomes a manageable fraction of the integrated management system.
Keywords: Cloud Security Management; Cloud Service Management;