Evaluate information security governance frameworks in cloud computing environment using main and sub criteria

Abstract

In spite of the benefits of cloud computing, it is associated with high risks that need an effective security program. Framework of information security governance ensures successful management of information security risk and oversight, and helps to protect an organization's information. However, no standard or common criteria have been specified to help organizations in evaluating and selecting the proper cloud computing information security governance framework. Hence, this paper aims to identified the main and sub criteria to help organizations for evaluating the target frameworks. To achieve this aim, a critical review has been conducted to identify the current frameworks. The related frameworks are analyzed to indicate and identify the main and sub criteria that can be used to evaluate the current frameworks and facilitate the frameworks selection process. All criteria will be subjected to an evaluation process via interviews with specialists to define the criteria significance and capability in evaluating and differentiating the existing frameworks. The interview data is analyzed using content analysis method. The analysis of interviews data has found that all the experts agreed that main and sub criteria are very important, 20% of them indicated that these criteria are essential but lack to other sub-criteria such as awareness, valuation of assets and documents control. Furthermore, 70% of the experts indicated that it is difficult to rank the criteria because they have the same importance. Following that, it is recommended that a considerable work is still needed to specify a proper selection method of a suitable cloud computing information security governance framework based on standard or common criteria. Copyright © 2019 American Scientific Publishers All rights reserved.