Abstract:
Managing information security in the cloud is a challenge. Traditional checklist approaches to standards compliance may well provide compliance, but do not guarantee to provide security assurance. The complexity of cloud relationships must be acknowledged and explicitly managed by recognising the implications of self-interest of each party involved. We begin development of a conceptual modelling framework for cloud security assurance that can be used as a starting point for effective continuous security assurance, together with a high level of compliance.