【 摘 要 】

Cloud computing represents a revolutionary service model for accessing information technology (IT) services, and an opportunity for governments to reduce maintainance costs of IT infrastructure. However, relying on commercial cloud services may prove challenging for privacy and security if cloud service providers cannot guarantee adequate standards for their services. In this thesis, I analyze four IT security standards comparing them alongside each other. ISO/IEC 27001 and SOC 2 are two international IT frameworks issued by non-government organizations and available since 2005. FedRAMP and C5 are two more recent cloud-specific standards, respectively issued by the US and German governments.Examining the four standards in comparison, and evaluating their completeness and adequacy in guaranteeing information assurance in cloud environments, I question whether they really represent an improvement in cloud security, what are their shortcomings, and ultimately the necessity of new cloud security standards in the already crowded IT security landscape. I combine a broad contextual analysis with empirical results to help understand the reasons for creating C5, and shed lights on its role in the EU political agenda.

【 预 览 】

附件列表

Files	Size	Format	View
Privacy and security in the clouds: IT security and privacy standards in the EU and US	1797KB	PDF	download