{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T01:13:17Z","timestamp":1654132397121},"reference-count":24,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,10,1]]},"abstract":"<p>The authors combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework. With this combined framework the authors create a new approach to IT Security Risk Management in which IT Security Risk Management is placed at the strategic, tactical and operational levels of an organization. In this paper the authors concentrate on the monitoring and communication steps of IT Security Risk Management, and especially on the escalation of new IT Security Incidents. The authors present a first draft of an IT Security Risk Escalation Capability Maturity Model based on ISACA's Risk IT Framework. Finally, the authors apply the approach to a typical cloud computing environment as a first step in evaluating this new approach.<\/p>","DOI":"10.4018\/ijeei.2013100101","type":"journal-article","created":{"date-parts":[[2014,5,8]],"date-time":"2014-05-08T19:38:49Z","timestamp":1399577929000},"page":"1-19","source":"Crossref","is-referenced-by-count":4,"title":["IT Security Risk Management Model for Cloud Computing"],"prefix":"10.4018","volume":"4","author":[{"given":"Gunnar","family":"Wahlgren","sequence":"first","affiliation":[{"name":"Department of Computer and Systems Sciences, Stockholm University, Kista, Sweden"}]},{"given":"Stewart","family":"Kowalski","sequence":"additional","affiliation":[{"name":"Department of Computer and Systems Sciences, Stockholm University, Kista, Sweden"}]}],"member":"2432","reference":[{"key":"ijeei.2013100101-0","unstructured":"Annamalai, N. (2012). Information security guidelines for organizations intending to adopt cloudsourcing. 
Unpublished Master Thesis, Department of Computer and System Sciences University of Stockholm and Royal Institute of Technology, Sweden."},{"key":"ijeei.2013100101-1","author":"W. K.Brotby","year":"2006","journal-title":"Information security management metrics: A definitive guide to effective security monitoring and measurement"},{"key":"ijeei.2013100101-2","year":"2005","journal-title":"Inventory of risk management \/ risk assessment methods"},{"key":"ijeei.2013100101-3","year":"2006","journal-title":"Inventory of risk management \/ risk assessment tools"},{"key":"ijeei.2013100101-4","year":"2009","journal-title":"Cloud computing: Benefits, risk and recommendation"},{"key":"ijeei.2013100101-5","year":"2012","journal-title":"Critical cloud computing"},{"key":"ijeei.2013100101-6","year":"2012","journal-title":"Procure secure: A guide to monitoring of security service levels in cloud contracts"},{"key":"ijeei.2013100101-7","unstructured":"NIST Interagency Report 7756 \u2013 Second Draft. (2012). CAESARS framework extension: An enterprise continuous monitoring reference model (Second Draft). National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-8","year":"2009","journal-title":"The risk IT framework"},{"key":"ijeei.2013100101-9","unstructured":"ISO. IEC 27001. (2005). Information security management system. International Standard Organization."},{"key":"ijeei.2013100101-10","unstructured":"ISO. IEC 27005. (2008). Information security risk management. International Standard Organization."},{"key":"ijeei.2013100101-11","year":"2008","journal-title":"Guidance for information security managers"},{"key":"ijeei.2013100101-12","doi-asserted-by":"crossref","unstructured":"Karokola, G. (2012). A framework for securing e-government services. 
Doctoral Thesis, Department of Computer and System Sciences, Stockholm University, Sweden.","DOI":"10.1109\/HICSS.2013.208"},{"key":"ijeei.2013100101-13","unstructured":"NIST Special Publication 800-137. (2011). Information security continuous monitoring (ISCM) for federal information system and organizations. National Institute of Standards and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-14","unstructured":"NIST Special Publication 800-145. (2011). The NIST definition of cloud computing. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-15","unstructured":"NIST Special Publication 800-146. (2012). Cloud computing synopsis and recommendations. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-16","unstructured":"NIST Special Publication 800-30. (2002). Risk management guide for information technology systems. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-17","unstructured":"NIST Special Publication 800-30 Revision 1. (2011). Guide for conducting risk assessment. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-18","unstructured":"NIST Special Publication 800-37 Revision 1. (2010). Guide for applying risk management framework to federal information systems. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-19","unstructured":"NIST Special Publication 800-39. (2011). Managing information security risk. National Institute of Standard and Technology U.S. Department of Commerce."},{"key":"ijeei.2013100101-20","unstructured":"Pham, C. (2001). From events to incidents. 
SANS Institute, (2001)."},{"key":"ijeei.2013100101-21","author":"M.Philips","year":"2003","journal-title":"Using a capability maturity model to derive security requirements"},{"issue":"2","key":"ijeei.2013100101-22","article-title":"Risk management in a dynamic society: A modeling problem.","volume":"27","author":"J.Rasmussen","year":"1997","journal-title":"Safety Science"},{"key":"ijeei.2013100101-23","unstructured":"Vohradsky, D. (2012). Cloud risk \u2013 10 principles and a framework for assessment. ISACA Journal, 5."}],"container-title":["International Journal of E-Entrepreneurship and Innovation"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=106896","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T00:39:15Z","timestamp":1654130355000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijeei.2013100101"}},"subtitle":["A Need for a New Escalation Approach"],"short-title":[],"issued":{"date-parts":[[2013,10,1]]},"references-count":24,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,10]]}},"URL":"https:\/\/doi.org\/10.4018\/ijeei.2013100101","relation":{},"ISSN":["1947-8585","1947-8593"],"issn-type":[{"value":"1947-8585","type":"print"},{"value":"1947-8593","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10,1]]}}}