The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues
- 10h 48m
- Kim-Kwang Raymond Choo, Ryan Ko
- Elsevier Science and Technology Books, Inc.
- 2015
Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security - putting technical and management issues together with an in-depth treaties on a multi-disciplinary and international subject. The book features contributions from key thought leaders and top researchers in the technical, legal, and business and management aspects of cloud security. The authors present the leading edge of cloud security research, covering the relationships between differing disciplines and discussing implementation and legal challenges in planning, executing, and using cloud security.
- Presents the most current and leading-edge research on cloud security from a multi-disciplinary standpoint, featuring a panel of top experts in the field
- Focuses on the technical, legal, and business management issues involved in implementing effective cloud security, including case examples
- Covers key technical topics, including cloud trust protocols, cryptographic deployment and key management, mobile devices and BYOD security management, auditability and accountability, emergency and incident response, as well as cloud forensics
- Includes coverage of management and legal issues such as cloud data governance, mitigation and liability of international cloud deployment, legal boundaries, risk management, cloud information security management plans, economics of cloud security, and standardization efforts
About the Authors
Dr. Ryan Ko is a Senior Lecturer with the University of Waikato, New Zealand. He established New Zealand's first Masters degree in Cyber Security and first dedicated Cyber Security Lab at the University of Waikato. His main research areas are Cyber Security, Cloud Data Provenance and Cloud Computing Security and Trust. Prior to joining the faculty, he was a lead computer scientist with Hewlett-Packard (HP) Labs’ Cloud and Security Lab and achieved first-in-the-world scientific breakthroughs in the area of cloud data provenance. Recipient of the Cloud Security Alliance (CSA) Ron Knode Service Award, he is active as Research Advisor for CSA Asia Pacific, and serves as chair and board member of several cyber security industry consortia and chapters. He is also the co-founder and co-chair of the CSA Cloud Data Governance Working Group, the first CSA research group led by a chapter in Asia Pacific. Dr. Ko is currently the co-chair of the IEEE TSCloud (2011-2014), IEEE TSP 2013, IEEE UbiSafe 2012, CSA APAC Congress, and Associate Editor of Wiley's Security and Communication Networks, International Journal of Cloud Applications and Computing, Editor of ACM XRDS from 2009 to 2011, and Technical Program Committee member and reviewer for several academic conferences and journals (e.g. Elsevier Information Systems, IEEE Spectrum, IEEE Trans. in Services Computing, etc). Prior to HP Labs and his Ph.D., Ko was an entrepreneur with two startups, and was with Micron Technology, Inc. Ko has spoken on Cloud Security at several locations in USA and Asia Pacific. He holds 3 international patents and is a member of the IEEE, ACM and AAAI. Most recently, he was one of 14 international subject matter experts selected by (ISC)2 to develop a new international certification like the CISSP for cloud security professionals
Dr Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics including a book published in Springer’s Advances in Information Security book series and six Australian Government Australian Institute of Criminology refereed monographs. He has been an invited speaker for a number of events (e.g. 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime and 2011 KANZ Broadband Summit 2011), and delivered Keynote/Plenary Speeches at ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, 2010 International Conference on Applied Linguistics and 2011 Economic Crime Asia Conference, and Invited Lecture at the Bangladesh Institute of International and Strategic Studies. He was one of over 20 international (and one of two Australian) experts consulted by the research team preparing McAfee's commissioned report entitled “Virtual Criminology Report 2009: Virtually Here: The Age of Cyber Warfare”; and his opinions on cyber crime and cyber security are regularly published in the media. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft's Next 100 series. He is also the recipient of several awards including the 2010 Australian Capital Territory (ACT) Pearcey Award for “Taking a risk and making a difference in the development of the Australian ICT industry”, 2008 Australia Day Achievement Medallion in recognition of my dedication and contribution to the Australian Institute of Criminology, and through it to the public service of the nation, British Computer Society’s Wilkes Award for the best paper published in the 2007 volume of the Computer Journal, and the Best Student Paper Award by the 2005 Australasian Conference on Information Security and Privacy.
In this Book
-
Foreword
-
List of Reviewers
-
Cloud Security Ecosystem
-
Cybercrime in Cloud—Risks and Responses in Hong Kong, Singapore
-
CATRA—Conceptual Cloud Attack Taxonomy and Risk Assessment Framework
-
Multitiered Cloud Security Model
-
A Guide to Homomorphic Encryption
-
Protection Through Isolation—Virtues and Pitfalls
-
Protecting Digital Identity in the Cloud
-
Provenance for Cloud Data Accountability
-
Security as a Service (SecaaS)—An Overview
-
Secure Migration to the Cloud—In and Out
-
Keeping Users Empowered in a Cloudy Internet of Things
-
Cloud as Infrastructure for Managing Complex Scalable Business Networks, Privacy Perspective
-
Psychology and Security—Utilizing Psychological and Communication Theories to Promote Safer Cloud Security Behaviors
-
Conceptual Evidence Collection and Analysis Methodology for Android Devices
-
Mobile Cloud Forensics—An Analysis of Seven Popular Android Apps
-
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
-
Integrating Digital Forensic Practices in Cloud Incident Handling—A Conceptual Cloud Incident Handling Model
-
Cloud Security and Forensic Readiness—The Current State of an IaaS Provider
-
Ubuntu One Investigation—Detecting Evidences on Client Machines
-
Governance in the Cloud
-
Computational Trust Methods for Security Quantification in the Cloud Ecosystem
-
Tool-Based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems