2015 | Original Paper | Book Chapter

1. Privacy, Compliance and the Cloud

Abstract

Use of the cloud clearly brings with it major privacy concerns. Whilst a range of technical solutions, including use of one of the many variants of homomorphic encryption, could potentially address these concerns, in practice such complex privacy enhancing technologies are not widely used. Instead, cloud users, both individuals and organisations, rely in practice on contractual agreements to help ensure that personally identifiable information (PII) stored in the cloud is handled appropriately. This contractual approach builds on compliance, a widely used notion in information security. Specifically, cloud service providers obtain certification of compliance with appropriate security standards and guidelines, notably the ISO/IEC 27000 series, to demonstrate that they provide a secure service. To provide privacy guarantees, a standard, ISO/IEC 27018:2014, has recently been published specifically aimed at enabling cloud service vendors to show compliance with regulations and laws governing the handling of PII. This is just the first in an emerging series of standards providing guidelines on cloud security and privacy, as well as more general PII handling in IT systems. This paper reviews the state of the art in such standards and also looks forward to areas where further standards and guidelines are needed, including discussing the issues that they need to address.

Footnotes
1
For example, ISO/IEC 27018 was listed at number 7 in the April 2015 list of best-selling ISO standards, as published by the Singapore standards organisation – see http://www.singaporestandardseshop.sg/ISOStandards/BestSellingISOStandards.aspx (checked on 9th June 2015).

Metadata
Title
Privacy, Compliance and the Cloud
Author
Chris Mitchell
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-25988-8_1