{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T04:09:28Z","timestamp":1750133368657,"version":"3.41.0"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319543796"},{"type":"electronic","value":"9783319543802"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-54380-2_2","type":"book-chapter","created":{"date-parts":[[2017,3,18]],"date-time":"2017-03-18T12:32:36Z","timestamp":1489840356000},"page":"19-39","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?"],"prefix":"10.1007","author":[{"given":"Bob","family":"Duncan","sequence":"first","affiliation":[]},{"given":"Mark","family":"Whittington","sequence":"additional","affiliation":[]},{"given":"Martin Gilje","family":"Jaatun","sequence":"additional","affiliation":[]},{"given":"Alfredo Ramiro Reyes","family":"Z\u00fa\u00f1iga","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,3,19]]},"reference":[{"issue":"6","key":"2_CR1","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1016\/j.ijinfomgt.2015.08.001","volume":"35","author":"A Ahmad","year":"2015","unstructured":"Ahmad, A., Maynard, S.B., Shanks, G.: A case analysis of information systems and security incident responses. Int. J. Inf. Manag. 35(6), 717\u2013723 (2015)","journal-title":"Int. J. Inf. Manag."},{"key":"2_CR2","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"RJ Anderson","year":"2008","unstructured":"Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, vol. 50. Wiley, Hoboken (2008)"},{"issue":"4","key":"2_CR3","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/s10551-005-7888-5","volume":"61","author":"S Arjoon","year":"2012","unstructured":"Arjoon, S.: Corporate governance: an ethical perspective. J. Bus. Ethics 61(4), 343\u2013352 (2012)","journal-title":"J. Bus. Ethics"},{"issue":"4","key":"2_CR4","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1145\/1721654.1721672","volume":"53","author":"M Armbrust","year":"2010","unstructured":"Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50\u201358 (2010)","journal-title":"Commun. ACM"},{"key":"2_CR5","unstructured":"Baldwin, A., Beres, Y., Mont, M.C., Shiu, S., Duggan, G., Johnson, H., Middup, C.: An experiment in decision making WEIS 2011. In: WEIS, pp. 1\u201328 (2011)"},{"key":"2_CR6","unstructured":"Beautement, A., Pym, D.: Structured systems economics for security management. In: WEIS, pp. 1\u201320 (2010)"},{"key":"2_CR7","unstructured":"Boyd, J.R.: Organic design for command and control. A discourse on winning and losing (1987)"},{"issue":"1","key":"2_CR8","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1016\/j.ijinfomgt.2015.09.008","volume":"36","author":"V Chang","year":"2016","unstructured":"Chang, V., Ramachandran, M., Yao, Y., Kuo, Y.H., Li, C.S.: A resiliency framework for an enterprise cloud. Int. J. Inf. Manag. 36(1), 155\u2013166 (2016)","journal-title":"Int. J. Inf. Manag."},{"key":"2_CR9","volume-title":"Principles of Ecosystem Stewardship: Resilience-Based Natural Resource Management in a Changing World","author":"FS Chapin","year":"2009","unstructured":"Chapin, F.S., Kofinas, G.P., Folke, C.: Principles of Ecosystem Stewardship: Resilience-Based Natural Resource Management in a Changing World. Springer, Heidelberg (2009)"},{"key":"2_CR10","unstructured":"Doelitzscher, F., Ruebsamen, T., Karbe, T., Reich, C., Clarke, N.: Sun behind clouds - on automatic cloud security audits and a cloud audit policy language. Int. J. Adv. Netw. Serv. 6(1&2) (2013)"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Duncan, B., Pym, D.J., Whittington, M.: Developing a conceptual framework for cloud security assurance. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), Bristol, vol. 2, pp. 120\u2013125. IEEE (2013)","DOI":"10.1109\/CloudCom.2013.144"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Duncan, B., Whittington, M.: Compliance with standards, assurance and audit: does this equal security? In: Proceedings of the 7th International Conference on Security of Information and Networks, Glasgow, pp. 77\u201384. ACM (2014)","DOI":"10.1145\/2659651.2659711"},{"key":"2_CR13","unstructured":"Duncan, B., Whittington, M.: Company management approaches stewardship or agency: which promotes better security in cloud ecosystems? In: Cloud Computing, Nice, pp. 154\u2013159. IEEE (2015a)"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Duncan, B., Whittington, M.: Enhancing cloud security and privacy: broadening the service level agreement. In: The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2015), Helsinki, Finland, pp. 1088\u20131093 (2015b)","DOI":"10.1109\/Trustcom.2015.487"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Duncan, B., Whittington, M.: Information security in the cloud: should we be using a different approach? In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, pp. 1\u20136 (2015c)","DOI":"10.1109\/CloudCom.2015.92"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Duncan, B., Whittington, M.: Reflecting on whether checklists can tick the box for cloud security. In: Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom, Singapore, vol. 2015-February, pp. 805\u2013810. IEEE (2015d)","DOI":"10.1109\/CloudCom.2014.165"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Duncan, B., Whittington, M.: The importance of proper measurement for a cloud security assurance model. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, pp. 1\u20136 (2015e)","DOI":"10.1109\/CloudCom.2015.91"},{"key":"2_CR18","unstructured":"Duncan, B., Whittington, M.: Enhancing cloud security and privacy: the power and the weakness of the audit trail. In: Submitted to Cloud Computing, Rome, pp. 1\u20136. IEEE (2016)"},{"key":"2_CR19","unstructured":"EU: Unleashing the Potential of Cloud Computing in Europe (2012)"},{"key":"2_CR20","unstructured":"EU: Cloud service level agreement standardisation guidelines. Technical report, EU Commission, Brussels (2014)"},{"key":"2_CR21","unstructured":"EU: Reform of EU data protection rules (2016)"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Fr\u00f8ystad, C., Gj\u00e6re, E.A., T\u00f8ndel, I.A., Jaatun, M.G.: Security incident information exchange for cloud services. In: Proceedings of International Conference on Internet of Things and Big Data (2016)","DOI":"10.5220\/0005953803910398"},{"issue":"2","key":"2_CR23","first-page":"452","volume":"26","author":"A Gill","year":"2008","unstructured":"Gill, A.: Corporate governance as social responsibility: a research agenda. Berkeley J. Int. Law 26(2), 452\u2013478 (2008)","journal-title":"Berkeley J. Int. Law"},{"key":"2_CR24","unstructured":"Harrington, H.J.: Measurement. CIO, 19 September 1999"},{"issue":"S1","key":"2_CR25","doi-asserted-by":"publisher","first-page":"S65","DOI":"10.1111\/j.1467-8551.2005.00448.x","volume":"16","author":"M Huse","year":"2005","unstructured":"Huse, M.: Accountability and creating accountability: a framework for exploring behavioural perspectives of corporate governance. Br. J. Manag. 16(S1), S65\u2013S79 (2005)","journal-title":"Br. J. Manag."},{"key":"2_CR26","unstructured":"Ioannidis, C., Pym, D., Williams, J.: Sustainability in information stewardship: time preferences: externalities and social co-ordination. In: WEIS 2013, pp. 1\u201324 (2013)"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Nyre, \u00c5.A., Alapnes, S., Zhao, G.: An approach to confidentiality control in the cloud. In: Proceedings of the 2nd International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace Electronic Systems Technology (Wireless Vitae Chennai 2011) (2011)","DOI":"10.1109\/WIRELESSVITAE.2011.5940844"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Pearson, S., Gittler, F., Leenes, R., Niezen, M.: Enhancing accountability in the cloud. Int. J. Inf. Manag. (2016, to appear)","DOI":"10.1016\/j.ijinfomgt.2016.03.004"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., T\u00f8ndel, I.A.: How much cloud can you handle? In: 2015 10th International Conference on Availability, Reliability and Security (ARES), pp. 467\u2013473 (2015)","DOI":"10.1109\/ARES.2015.38"},{"key":"2_CR30","doi-asserted-by":"publisher","DOI":"10.1142\/6355","volume-title":"Stewardship Based Economics","author":"R Kao","year":"2007","unstructured":"Kao, R.: Stewardship Based Economics. World Scientific, Singapore (2007)"},{"key":"2_CR31","unstructured":"Kaspersky: Global Corporate IT Security Risks. Technical report, May 2013"},{"issue":"1","key":"2_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1002\/bse.511","volume":"17","author":"A Kolk","year":"2008","unstructured":"Kolk, A.: Sustainability, accountability and corporate governance: exploring multinationals\u2019 reporting practices. Bus. Strateg. Environ. 17(1), 1\u201315 (2008)","journal-title":"Bus. Strateg. Environ."},{"key":"2_CR33","volume-title":"Computer-Related Risks","author":"PG Neumann","year":"1995","unstructured":"Neumann, P.G.: Computer-Related Risks. Addison-Wesley, Reading (1995)"},{"key":"2_CR34","unstructured":"OED: Oxford English Dictionary (1989)"},{"key":"2_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-319-14609-6_3","volume-title":"Economics of Grids, Clouds, Systems, and Services","author":"F Pallas","year":"2014","unstructured":"Pallas, F.: An agency perspective to cloud computing. In: Altmann, J., Vanmechelen, K., Rana, O.F. (eds.) GECON 2014. LNCS, vol. 8914, pp. 36\u201351. Springer, Heidelberg (2014). doi: 10.1007\/978-3-319-14609-6_3"},{"key":"2_CR36","volume-title":"Fighting Computer Crime: A New Framework for Protecting Information","author":"DB Parker","year":"1998","unstructured":"Parker, D.B., Crime, F.C.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, Hoboken (1998)"},{"key":"2_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/978-3-642-10665-1_12","volume-title":"Cloud Computing","author":"S Pearson","year":"2009","unstructured":"Pearson, S., Charlesworth, A.: Accountability as a way forward for privacy protection in the cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, pp. 131\u2013144. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-10665-1_12"},{"key":"2_CR38","unstructured":"PWC: UK Information Security Breaches Survey. Technical report, London, April 2012"},{"key":"2_CR39","unstructured":"Reyes, A.: Outsourced incident management services (2015)"},{"key":"2_CR40","doi-asserted-by":"crossref","unstructured":"Reyes, A., Jaatun, M.G.: Passing the buck: outsourcing incident response management. In: IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 503\u2013508 (2015)","DOI":"10.1109\/CloudCom.2015.42"},{"issue":"5","key":"2_CR41","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1109\/MSP.2014.102","volume":"12","author":"B Schneier","year":"2014","unstructured":"Schneier, B.: The future of incident response. IEEE Secur. Priv. 12(5), 96\u201396 (2014)","journal-title":"IEEE Secur. Priv."},{"key":"2_CR42","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.cose.2014.05.003","volume":"45","author":"IA T\u00f8ndel","year":"2014","unstructured":"T\u00f8ndel, I.A., Line, M.B., Jaatun, M.G.: Information security incident management: current practice as reported in the literature. Comput. Secur. 45, 42\u201357 (2014)","journal-title":"Comput. Secur."},{"issue":"4","key":"2_CR43","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/274348.274359","volume":"5","author":"GT Willingmyre","year":"1997","unstructured":"Willingmyre, G.T.: Standards at the crossroads. StandardView 5(4), 190\u2013194 (1997)","journal-title":"StandardView"}],"container-title":["Lecture Notes in Computer Science","Enterprise Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-54380-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T02:05:25Z","timestamp":1750125925000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-54380-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319543796","9783319543802"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-54380-2_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"19 March 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}