Tackling the loss of control: Standards-based conjoint management of security requirements for cloud services

Ingo Müller, Jun Han, Jean Guy Schneider, Steven Versteeg

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

4 Citations (Scopus)


The loss of control over information assets is a major security and privacy concern in the Cloud. Service consumers typically have no insights which controls protect their information assets and how effectively. To tackle this challenge, we propose an approach where service providers and consumers conjointly manage security requirements for a Cloud service following the ISO 27001 standard for information security management. We have developed a security management platform that provides tool support for service providers and consumers (i) to specify and consolidate security requirements and (ii) to collect, measure, analyse and report information about the effectiveness of implemented controls. By involving service consumers in management activities following an international standard, our approach helps service providers to increase transparency and traceability of their security measures whereas service consumers gain much-needed insights in the protection of their information assets. The applicability of our approach is demonstrated with an example scenario.

Original languageEnglish
Title of host publicationProceedings - 2011 IEEE 4th International Conference on Cloud Computing, CLOUD 2011
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages9
ISBN (Print)9780769544601
Publication statusPublished - 29 Sept 2011
Externally publishedYes
EventIEEE International Conference on Cloud Computing 2011 - Washington, United States of America
Duration: 4 Jul 20119 Jul 2011
Conference number: 4th
https://ieeexplore.ieee.org/xpl/conhome/6008653/proceeding (Proceedings)


ConferenceIEEE International Conference on Cloud Computing 2011
Abbreviated titleCLOUD 2011
Country/TerritoryUnited States of America
Internet address


  • Cloud computing
  • Cloud computing security
  • Information security management

Cite this