The Application by Integrating ISO 27001 and CSA/CCM Used in Private Cloud Environment -- A Case Study of Government

• Main Authors: Kung Chang, 張恭
• Other Authors: Tin-Yu Wu
• Format: Others
• Language: zh-TW
• Published: 2014
• Online Access: http://ndltd.ncl.edu.tw/handle/2ec8sc

碩士 === 國立宜蘭大學 === 多媒體網路通訊數位學習碩士在職專班 === 102 === Cloud computing has been the trend in recent years, most of the information system built on the cloud computing services. Therefore cloud security services are concern for cloud service providers and cloud consumer. How to do the relevant security policies is the main challenge to deploy cloud services. Most government institutions have passed ISO 27001 information security management system, and also build private cloud virtural machine technology. It is important to manage the security of cloud computing of Information System Management infrastructure. By various means of this study, it includes observation、records、access the data, etc. It takes qualitative research progress to parse the resulting data. By collected Information Scurity Mangement Sytems-Requirements, Code of practice for Information Scurity Mnagement Sytems, Cloud Security Alliance/ Cloud Control Matrix, private cloud technology. This paper discusses the Integration of ISO 27001 and CSA/CCM (Cloud Security Alliance/Cloud Control Matrix) used in security of private cloud. In comparison with their controls, CSA/CCM increases 42 controls that ISO 27001 is not definition. When the organization adopt private cloud infrastructure, we can considerate to work ISO 27001 with CSA/CCM to build information security environment for the organization. After expert questionnaires by using the Modified Delphi method, the paper creates “Intergration of Information Security Management System Block Diagram Model.” Finally, through the study of practical cases of government to verify the construct’s availability and effectiveness of the Institute "Integrated Information Security Management Assessment Form".