{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T01:19:43Z","timestamp":1770340783956,"version":"3.49.0"},"reference-count":64,"publisher":"Sociedade Brasileira de Computacao - SB","issue":"1","license":[{"start":{"date-parts":[[2016,5,10]],"date-time":"2016-05-10T00:00:00Z","timestamp":1462838400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Internet Serv Appl"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1186\/s13174-016-0046-8","type":"journal-article","created":{"date-parts":[[2016,5,6]],"date-time":"2016-05-06T11:40:03Z","timestamp":1462534803000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":46,"title":["A survey of compliance issues in cloud computing"],"prefix":"10.5753","volume":"7","author":[{"given":"Dereje","family":"Yimam","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eduardo B.","family":"Fernandez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"3742","published-online":{"date-parts":[[2016,5,10]]},"reference":[{"key":"46_CR1","unstructured":"Amazon. Amazon web services: risk and compliance. http:\/\/media.amazonwebservices.com\/AWS_Risk_and_Compliance_Whitepaper.pdf ."},{"key":"46_CR2","unstructured":"Amazon. AWS compliance. https:\/\/d0.awsstatic.com\/whitepapers\/compliance\/AWS_Risk_and_Compliance_Whitepaper.pdf ."},{"key":"46_CR3","unstructured":"Amazon Web Services. Risk and compliance. https:\/\/d0.awsstatic.com\/whitepapers\/compliance\/AWS_Risk_and_Compliance_Whitepaper.pdf ."},{"key":"46_CR4","unstructured":"Avgeriou P. Describing, instantiating and evaluating a reference architecture: a case study. Enterp Archit J. 2003. Available online: http:\/\/www.rug.nl\/research\/portal\/files\/14407113\/2003EnterpArchitJAvgeriou.pdf . Accessed 22 Apr 2016."},{"key":"46_CR5","unstructured":"Booch G, Rumbaugh J, Jacobson I. The unified modeling language user guide. 2nd ed: Addison-Wesley; 2005."},{"key":"46_CR6","doi-asserted-by":"crossref","unstructured":"Brandic I, Dustdar S, Anstett T, Schuman D, Leymann F, Konrad R. Compliant Cloud Computing (C3): architecture and language support for user-driven compliance management in clouds, Proceeding CLOUD \u201810 Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing. Miami, Florida, USA: 2010; 244\u201351.","DOI":"10.1109\/CLOUD.2010.42"},{"key":"46_CR7","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TSE.2007.70746","volume":"34","author":"TD Breaux","year":"2008","unstructured":"Breaux TD, Anton AI. Analyzing regulatory rules for privacy and security requirements. IEEE Trans Soft Eng. 2008;34:5\u201320.","journal-title":"IEEE Trans Soft Eng"},{"key":"46_CR8","unstructured":"Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M. Pattern-Oriented Software Architecture: A System of Patterns, vol. 1.Wiley; 1996"},{"key":"46_CR9","unstructured":"Cisco. Cisco compliance solutions. http:\/\/www.cisco.com\/c\/dam\/en\/us\/solutions\/collateral\/enterprise-networks\/pci-compliance\/pci-dss-30-wp.pdf . Accessed 22 Apr 2016."},{"key":"46_CR10","unstructured":"Cisco. The risk management framework: building a secure and regulatory compliant trading architecture. http:\/\/www.cisco.com\/web\/strategy\/docs\/finance\/risk_mgmt_C11-521656_wp.pdf ."},{"key":"46_CR11","unstructured":"COBIT. IT Governance Framework - Information Assurance Control, ISACA. http:\/\/www.isaca.org\/Knowledge-Center\/cobit\/Pages\/Overview.aspx ."},{"key":"46_CR12","unstructured":"Dasgupta D, Naseem D. Security and compliance testing strategies for cloud computing. https:\/\/umdrive.memphis.edu\/g-mis\/www\/memphis\/step\/STEP2012\/STEP2012Proceedings3.pdf ."},{"key":"46_CR13","doi-asserted-by":"crossref","unstructured":"Dasgupta D, Naseem D. A framework for estimating security coverage for cloud service insurance, Proceedings 7th Cyber-Security and Information Intelligence Reserach Workshop, Oak Ridge, TN, October 12-14, 2011.","DOI":"10.1145\/2179298.2179342"},{"key":"46_CR14","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/s10270-014-0395-3","volume":"15","author":"A Elgammal","year":"2016","unstructured":"Elgammal A, Turekten O, van der Heuvel W-J, Papazoglou M. Formalizing and applying compliance patterns for business process compliance. J Softw Syst Model. 2016;15:119\u201346. doi: 10.1007\/s10270-014-0395-3 .","journal-title":"J Softw Syst Model"},{"key":"46_CR15","unstructured":"FedRAMP. FedRAMP compliant cloud systems. https:\/\/www.fedramp.gov\/resources\/documents\/ ."},{"key":"46_CR16","unstructured":"FedRAMP. Federal Risk and Authorization Management Program (FedRAMP). https:\/\/www.fedramp.gov\/resources\/documents\/ ."},{"key":"46_CR17","unstructured":"FedRAMP. FedRAMP Third Party Assessment Organizations (3PAOs). https:\/\/www.fedramp.gov\/resources\/documents\/ ."},{"key":"46_CR18","series-title":"Wiley Series on Software Design Patterns","volume-title":"Security patterns in practice: building secure architectures using software patterns","author":"EB Fernandez","year":"2013","unstructured":"Fernandez EB. Security patterns in practice: building secure architectures using software patterns, Wiley Series on Software Design Patterns. 2013."},{"key":"46_CR19","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Yuan X. Semantic analysis patterns, Proceedings of the 19th Int. Conf. on Conceptual Modeling, ER2000. p. 183\u201395.","DOI":"10.1007\/3-540-45393-8_14"},{"key":"46_CR20","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Larrondo-Petrie MM, Sorgente T, Van Hilst M. A methodology to develop secure systems using patterns. In: Mouratidis H, Giorgini P, editors. Integrating security and software engineering: advances and future vision. IDEA Press; 2006. p. 107\u201326.","DOI":"10.4018\/978-1-59904-147-6.ch005"},{"key":"46_CR21","unstructured":"Fernandez EB, Mujica S. Two patterns for HIPAA regulations, Procs. of AsianPLoP (Pattern Languages of Programs) 2014. Tokyo: 2014."},{"key":"46_CR22","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Monge R, Hashizume K. Building a security reference architecture for cloud systems. Requir Eng. 2015; doi: 10.1007\/s00766-014-0218-7 .","DOI":"10.1007\/s00766-014-0218-7"},{"key":"46_CR23","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Yimam D. Towards compliant reference architectures by finding analogies and overlaps in compliance regulations, Procs.12th Int. Conf. on Security and Cryptography (SECRYPT 2015), Colmar, France, July 2015.","DOI":"10.5220\/0005575604350440"},{"key":"46_CR24","unstructured":"FISMA. Federal Information Security Management Act FISMA. http:\/\/www.healthinfolaw.org\/federal-law\/federal-information-security-management-act-fisma ."},{"key":"46_CR25","unstructured":"Fowler M. Analysis patterns \u2013 reusable object models. Addison-Wesley; 1997."},{"key":"46_CR26","volume-title":"Design patterns: elements of reusable object-oriented software","author":"E Gamma","year":"1994","unstructured":"Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Boston: Addison-Wesley; 1994."},{"key":"46_CR27","unstructured":"Gartner. http:\/\/www.gartner.com\/newsroom\/id\/2352816 ."},{"issue":"3","key":"46_CR28","first-page":"132","volume":"19","author":"C Gikas","year":"2010","unstructured":"Gikas C. A General Comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards. Inf Secur J. 2010;19(3):132\u201341.","journal-title":"Inf Secur J"},{"key":"46_CR29","unstructured":"GLBA. Gramm-Leach-Bliley Act. http:\/\/www.business.ftc.gov\/privacy-and-security\/gramm-leach-bliley-act ."},{"key":"46_CR30","doi-asserted-by":"crossref","unstructured":"Hamdaqa M, Hamou-Lhadj A. Citation analysis: an approach for facilitating the analysis of regulatory compliance documents, Procs. 2009 6th Int. Conf. on Information technology: New Generations. IEEE; 2009. p. 278\u201383.","DOI":"10.1109\/ITNG.2009.161"},{"key":"46_CR31","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1186\/1869-0238-4-5","volume":"4","author":"K Hashizume","year":"2013","unstructured":"Hashizume K, Rosado DG, Fern\u00e1ndez-Medina E, Fernandez EB. An analysis of security issues for cloud computing. J Internet Serv Appl. 2013;4:5. 27 February 2013.","journal-title":"J Internet Serv Appl"},{"key":"46_CR32","unstructured":"HIPAA. HIPAA Administrative Simplification. https:\/\/www.fedramp.gov\/resources\/documents\/ ."},{"key":"46_CR33","unstructured":"HIPAA. Understanding Health Information Privacy. http:\/\/www.hhs.gov\/sites\/default\/files\/ocr\/privacy\/hipaa\/understanding\/consumers\/understanding-hipaa-notice.pdf ."},{"key":"46_CR34","unstructured":"Hitachi. Compliance architecture. http:\/\/hitachi-id.com\/compliance\/compliance-architecture.html ."},{"key":"46_CR35","unstructured":"IBM. IBM Cloud computing. http:\/\/www.ibm.com\/cloud-computing\/ ."},{"key":"46_CR36","unstructured":"IBM. Security compliance services. http:\/\/www-935.ibm.com\/services\/us\/en\/it-services\/security-services\/compliance-and-regulatory-services\/ ."},{"key":"46_CR37","unstructured":"IDC. International Data Corporation. http:\/\/www.idc.com\/prodserv\/subservices.jsp ."},{"key":"46_CR38","unstructured":"IEEE. IEEE 1471\u20132000 recommended practice for architectural description of software-intensive systems. 2000. https:\/\/standards.ieee.org\/findstds\/standard\/1471-2000.html ."},{"key":"46_CR39","unstructured":"ISO. ISO Information Security Standard. Available: http:\/\/www.iso27001security.com\/ ."},{"key":"46_CR40","unstructured":"Kruchten P. The rational unified process, an introduction. 3rd ed. Addison-Wesley; 2003."},{"key":"46_CR41","series-title":"19th IEEE Int. Reqs. Eng. Conf","first-page":"207","volume-title":"Assessing the accuracy of legal implementation readiness decisions","author":"AK Massey","year":"2011","unstructured":"Massey AK, Smith B, Otto PN, Anton AI. Assessing the accuracy of legal implementation readiness decisions, 19th IEEE Int. Reqs. Eng. Conf. 2011. p. 207\u201316."},{"key":"46_CR42","unstructured":"Mather T, Kumaraswamy S, Latif S. Cloud security and privacy: an enterprise perspective on risks and compliance. O\u2019Relly Media; 2009."},{"key":"46_CR43","unstructured":"Microsoft Azure. Microsoft Azure Trust Center. http:\/\/azure.microsoft.com\/en-us\/support\/trust-center\/compliance\/ ."},{"key":"46_CR44","doi-asserted-by":"crossref","unstructured":"Millard C. Cloud computing law. Oxford University Press; 2013","DOI":"10.1093\/acprof:oso\/9780199671670.001.0001"},{"key":"46_CR45","series-title":"MIPRO proceedings","volume-title":"Security - How to measure compliance","author":"O Mirkovi\u0107","year":"2008","unstructured":"Mirkovi\u0107 O. Security - How to measure compliance, MIPRO proceedings. 2008."},{"key":"46_CR46","unstructured":"Netschert BM. Information security readiness and compliance in the healthcare industry. Stevens Institute of Technology; 2008"},{"key":"46_CR47","doi-asserted-by":"crossref","first-page":"2","DOI":"10.4018\/jisp.2009040104","volume":"3","author":"B Ngugi","year":"2009","unstructured":"Ngugi B, Vega G, Dardick G. PCI compliance: overcoming the challenges. Journal of information security and privacy. Int J Inf Secur Priv. 2009;3:2.","journal-title":"Int J Inf Secur Priv"},{"key":"46_CR48","unstructured":"NIST. Guidelines on security and privacy in public cloud computing. http:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-144.pdf . Accessed on April 22, 2016."},{"key":"46_CR49","unstructured":"Oracle. Cloud reference architecture. http:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-144.pdf . Accessed April 22, 2016."},{"key":"46_CR50","unstructured":"OWASP. Cloud-10 regulatory compliance. https:\/\/www.owasp.org\/index.php\/Cloud-10_Regulatory_Compliance ."},{"key":"46_CR51","unstructured":"PCI-DSS RA. PCI-compliant cloud reference architecture. http:\/\/www.hytrust.com\/solutions\/compliance\/ ."},{"key":"46_CR52","unstructured":"PCI DSS standard. Official source of PCI DSS Data Security Standards. https:\/\/www.pcisecuritystandards.org\/security_standards\/index.php ."},{"key":"46_CR53","unstructured":"PCI guidelines. PCI cloud guidelines. https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_V3.0_Third_Party_Security_Assurance.pdf ."},{"key":"46_CR54","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1007\/978-94-007-0641-5_17","volume-title":"Computers, privacy and data protection: an element of choice","author":"J Ruiter","year":"2011","unstructured":"Ruiter J, Warnier M. Computers, privacy and data protection: an element of choice. 2011. p. 361\u201376."},{"key":"46_CR55","first-page":"3","volume":"11","author":"CMR Silva","year":"2013","unstructured":"Silva CMR, Silva JLC, Rodrigues RB, Nascimento LM, Garcia VC. Systematic mapping study on security threats in cloud computing. IJCSIS. 2013;11:3.","journal-title":"IJCSIS"},{"key":"46_CR56","unstructured":"Sony. Sony freezes 93,000 online accounts after security breach. http:\/\/www.forbes.com\/sites\/parmyolson\/2011\/10\/12\/sony-freezes-93000-online-accounts-after-security-breach\/ ."},{"key":"46_CR57","unstructured":"SOX law. The Sarbanes-Oxley Act. http:\/\/www.soxlaw.com\/ ."},{"key":"46_CR58","doi-asserted-by":"crossref","unstructured":"Stricker V, Lauenroth K, Corte P, Gittler F, De Panfilis S, Pohl K. Creating a reference architecture for service-based systems a pattern-based approach. 2010; doi: 10.3233\/978-1-60750-539-6-149 . IOS Press.","DOI":"10.3233\/978-1-60750-539-6-149"},{"key":"46_CR59","unstructured":"Target. Response & resources related to Target\u2019s data breach. https:\/\/corporate.target.com\/about\/payment-card-issue.aspx ."},{"key":"46_CR60","doi-asserted-by":"crossref","unstructured":"Taylor RN, Medvidovic N, Dashofy N. Software architecture: foundation, theory, and practice. Wiley; 2010.","DOI":"10.1145\/1810295.1810435"},{"key":"46_CR61","unstructured":"VMware. Compliance reference architecture framework. https:\/\/solutionexchange.vmware.com\/store\/products\/vmware-compliance-cyber-risk-solutions ."},{"key":"46_CR62","unstructured":"Walker M. Architecting regulatory-compliant architectures. https:\/\/msdn.microsoft.com\/en-us\/library\/bb233047.aspx ."},{"key":"46_CR63","unstructured":"Warmer J, Kleppe A. The object constraint language. 2nd ed. Addison-Wesley; 2003."},{"key":"46_CR64","series-title":"IEEE International Conference on Cloud Engineering (IC2E)","volume-title":"Building Compliance and Security Reference Architectures (CSRA) for cloud systems","author":"D Yimam","year":"2016","unstructured":"Yimam D, Fernandez EB. Building Compliance and Security Reference Architectures (CSRA) for cloud systems, IEEE International Conference on Cloud Engineering (IC2E). 2016."}],"container-title":["Journal of Internet Services and Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13174-016-0046-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13174-016-0046-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13174-016-0046-8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T01:12:00Z","timestamp":1748913120000},"score":1,"resource":{"primary":{"URL":"http:\/\/jisajournal.springeropen.com\/articles\/10.1186\/s13174-016-0046-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,10]]},"references-count":64,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,12]]}},"alternative-id":["46"],"URL":"https:\/\/doi.org\/10.1186\/s13174-016-0046-8","relation":{},"ISSN":["1867-4828","1869-0238"],"issn-type":[{"value":"1867-4828","type":"print"},{"value":"1869-0238","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,10]]},"article-number":"5"}}