Cybersecurity compliance analysis is the process of assessing whether the behavior of an IT system or application conforms to the cybersecurity rules and regulations in force. This assessment can be offered as a service by exploiting available cloud technologies, and, indeed, it is one of the services classified by the Cloud Security Alliance (CSA) as part of the security information and event management (SIEM) category of the SecaaS (security as a service) domain. The definition and implementation of this typology of cloud services are challenging activities due to the complexity of both the reference business domain and the compliance analysis services to be provided themselves. The paper exploits a recently proposed requirements methodology, called GOReM (goal‐oriented requirements methodology), to support the conceptualization and subsequent implementation of cybersecurity compliance analysis services. In particular, two different application scenarios regarding compliance analysis of an existing or under development IT system/application are presented and discussed. In both the scenarios, GOReM allows to grasp and understand the many and complex issues to address for providing secure cloud services to worldwide customers, also due to the numerous, different and ever changing legal aspects, which have to be taken into account by service providers.

Cybersecurity compliance analysis as a service: Requirements specification and application scenarios

Furfaro, Angelo
;
Gallo, Teresa;Garro, Alfredo;Saccà, Domenico;Tundis, Andrea
2018

Abstract

Cybersecurity compliance analysis is the process of assessing whether the behavior of an IT system or application conforms to the cybersecurity rules and regulations in force. This assessment can be offered as a service by exploiting available cloud technologies, and, indeed, it is one of the services classified by the Cloud Security Alliance (CSA) as part of the security information and event management (SIEM) category of the SecaaS (security as a service) domain. The definition and implementation of this typology of cloud services are challenging activities due to the complexity of both the reference business domain and the compliance analysis services to be provided themselves. The paper exploits a recently proposed requirements methodology, called GOReM (goal‐oriented requirements methodology), to support the conceptualization and subsequent implementation of cybersecurity compliance analysis services. In particular, two different application scenarios regarding compliance analysis of an existing or under development IT system/application are presented and discussed. In both the scenarios, GOReM allows to grasp and understand the many and complex issues to address for providing secure cloud services to worldwide customers, also due to the numerous, different and ever changing legal aspects, which have to be taken into account by service providers.
cloud computing, compliance analysis, cybersecurity, goal‐oriented methodology, requirements engineering, SecaaS
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.11770/263441
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 4
social impact