CLOUD COMPUTING (23PCS552) Module-4 Cloud Security Management Frameworks PRESENTED BY NAME : O K MANJUNATHA (USN) : 1CD23SCS10 Under the Guidance of, Name of the Staff : Prof. Lakshmi Shree Designation : Associate Professor Department of Computer Science & Engineering, Cambridge Institute of Technology, Bangalore-560037
Security Management in the Cloud - Introduction With the adoption of public cloud services, a large part of your network, system, applications, and data will move under third-party provider control. The cloud services delivery model will create islands (clouds) of virtual perimeters as well as a security model with responsibilities shared between the customer and the cloud service provider (CSP).
Cloud Security Management Framework - Definition Cloud security management frameworks provide guidance for planning and implementing a governance program with sustaining management processes that protect information assets. A key question a chief information security officer (CISO) must answer is whether she has adequate transparency from cloud services to manage the governance (shared responsibilities) and the implementation of security management processes (preventive and detective controls) to assure the business that the data in the cloud is appropriately protected.
Cloud Security Management Framework - Types Mature IT organizations are known to employ security management frameworks, such as the Information Technology Infrastructure Library (ITIL) service management framework and the ISO/IEC 27001 and ISO/IEC 27002 standards.
The Information Technology Infrastructure Library (ITIL) ITIL gives a detailed description of a number of important IT practices with comprehensive checklists, tasks, and procedures that can be tailored to any IT organization. A key tenet of ITIL, and one that is applicable to cloud computing, is that organizations (people, processes) and information systems are constantly changing. Hence, management frameworks such as ITIL will help with the continuous service improvement that is necessary to align and realign IT services to changing business needs.
The Information Technology Infrastructure Library (ITIL) The goal of the ITIL Security Management framework is divided into two parts:
Realization of security requirements: Security requirements are usually defined in the SLA as well as in other external requirements, which are specified in underpinning contracts, legislation, and internally or externally imposed policies.
Realization of a basic level of security: This is necessary to guarantee the security and continuity of the organization and to reach simplified service-level management for information security management.
The Information Technology Infrastructure Library (ITIL) Well-established security management processes are also aligned with an organization's IT policies and standards, with the goal of protecting the confidentiality, integrity, and availability of information. Figure illustrates the ITIL life cycle in an enterprise. Security management disciplines are represented by the relevant ISO and ITIL functions.
The Information Technology Infrastructure Library (ITIL) ITIL can be applied across almost every type of IT environment, including cloud operating environments. ITIL seeks to ensure that effective information security measures are taken at the strategic, tactical, and operational levels. ITIL breaks information security down into:
Policies: The overall objectives an organization is attempting to achieve
Processes: What has to happen to achieve the objectives
Procedures: Who does what and when to achieve the objectives
Work instructions: Instructions for taking specific actions
ISO 27001/27002 ISO/IEC 27001 formally defines the mandatory requirements for an Information Security Management System (ISMS). It is also a certification standard and uses ISO/IEC 27002 to indicate suitable information security controls within the ISMS. However, since ISO/IEC 27002 is merely a code of practice/guideline rather than a certification standard, organizations are free to select and implement controls as they see fit.
ISO 27001/27002 Essentially, the ITIL, ISO/IEC 20000, and ISO/IEC 27001/27002 frameworks help IT organizations internalize and respond to basic questions such as: How do I ensure that the current security levels are appropriate for my needs? How do I apply a security baseline throughout my operation?
Security Management in the Cloud After analyzing the management process disciplines across the ITIL and ISO frameworks, we (the authors) identified the following relevant processes as the recommended security management focus areas for securing services in the cloud:
Availability management (ITIL)
Access control (ISO/IEC 27002, ITIL)
Vulnerability management (ISO/IEC 27002)
Patch management (ITIL)
Configuration management (ITIL)
Incident response (ISO/IEC 27002)
System use and access monitoring (ISO/IEC 27002)