Search results

The purpose of this paper is to classify and categorize the vulnerability types emerged with time as information technology (IT) systems evolved. This comparative study aims to compare the seriousness of the old well-known vulnerabilities that may still exist with lower possibility of happening with that of new technologies like cloud computing with Mobility access. Cloud computing is a new structure of IT that is becoming the main part of the new model of business environment. However, issues regarding such new hype of technology do not come without obstacles. These issues have to be addressed before full acceptability of cloud services in a globalized business environment. Businesses need to be aware of issues of concerns before joining the cloud services. This paper also highlights these issues and shows the comparison table to help businesses with appropriate decision-making when joining the cloud.

A historical review of emerged vulnerabilities as IT systems evolved was conducted, then these vulnerabilities were categorized into eight different categories, each of which composed of multiple vulnerability types. Simple scoring techniques were used to build a “risk” analysis table where each vulnerability type was given a score based on availability of matured solution and the likeliness of happening, then in case of vulnerability type, another score was used to derive the impact of such vulnerability. The resulted weighted score can be derived from the multiplication of likeliness to happen score with that of its impact in case it did happen. Percentage of seriousness represented by the percentage of the derived weighted score of each of the vulnerabilities can then be concluded. Similar table was developed for issues related to cloud computing environment in specific.

After surveying the historical background of IT systems and emerged vulnerabilities as well as reviewing the common malicious types of system vulnerabilities, this paper identifies 22 different types of vulnerability categorized in eight different categories. This comparative study explores amount of possible vulnerabilities in new technology like cloud computing services. Specific issues for cloud computing were also explored and a similar comparative study was developed on these issues. The result of the comparative study between all types of vulnerabilities since the start of IT system development till today’s technology of cloud computing, shows that the highest percentage vulnerability category was the one related to mobility access as mobile applications/systems are relatively newly emerged and do not have a matured security solution(s).

Learning from history, one can conclude the current risk factor in dealing with new technology like cloud computing. Businesses can realize that decision to join the cloud requires thinking about the issues mentioned in this paper and identifying the most vulnerability types to try to avoid them.

A new comparative study and new classification of vulnerabilities demonstrated with risk analysis using simple scoring technique.

This study aims to identify the level of security from existing work, analyze categories of security as a service (SECaaS) and classify them into a meaningful set of groups. Further, the report will advise commercial applications and advice of SECaaS as an extended context to help firms make decisions.

This paper compares the SECaaS categories in Cloud Security Alliance (CSA) with the security clauses in ISO/IEC 27002:2013 to give a comprehensive analysis of those SECaaS categories. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including protective, detective and reactive based on security control perspectives. This study has discussed the three groups and their interplay to identify the key characteristics and problems that they aim to address.

This paper also adds new evidence to support a better understanding of the current and future challenges and directions for SECaaS. Also, the study reveals both the positive and negative aspects of SECaaS along with business cases. It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches.

SECaaS has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud computing. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. However, it is still in infancy and not very widely investigated. Recent studies suggest that SECaaS is an efficient solution for Cloud and real industries. However, shortcomings of SECaaS have not been well-studied and documented. Moreover, reviewing the existing research, researchers did not classify the SECaaS-related categories.

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.

For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.

The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.

Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.

Cloud computing is relatively a new type of technology demanding a new method of management techniques to attain security and privacy leading to customer satisfaction regarding “Business Protection” measure. As cloud computing businesses are usually composed of multiple colocation sites/departments, the purpose of this paper is to propose a benchmark operation to measure and compare the overall integrated people-process-performance (PPP) among different departments within cloud computing organization. The purpose of this paper is to motivate staff/units to improve the process performance and meet the standards in a competitive approach among business units.

The research method was conducted at Cirrus Ltd, which is a cloud computing service provider where a focus group consists of six IT professionals/managers. The objective of the focus group was to investigate the proposed technique by selecting the best practices relevant criteria, with the relevant sub-criteria as a benchmarking performance tool to measure PPP via an analytic hierarchy processing (AHP) approach. The standard pairwise comparative AHP scale was used to measure the performance of three different teams defined as production team, user acceptance testing team and the development team.

Based on best practice performance measurement (reviewed in this paper) of cloud computing, the proposed AHP model was implemented in a local medium-sized cloud service provider named “Cirrus” with their single site data center. The actual criteria relevant to Cirrus was an adaptation of the “Best practice” described in the literature. The main reason for the adaptation of criteria was that the principle of PPP assumes multiple departments/datacenters located in a different geographical area in large service providers. As Cirrus is a type of SMEs, the adaptation of performance measurement was based on teams within the same data center location. Irrelevant of this adaptation, the objective of measuring vendors KPI using the AHP technique as a specific output of PPP is also a valid situation.

This study provides guidance for achieving cloud computing performance measurement using the AHP technique. Hence, the proposed technique is an integrated model to measure the PPP under monitored cloud environment.

The proposed technique measures and manages the performance of cloud service providers that also implicitly act as a catalyst to attain trust in such high information-sensitive environment leading to organizational effectiveness of managing cloud organizations.

The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of end user’s requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made.

A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used.

Even technically skilled users have difficulties to adequately select secret sharing parameters and other configuration settings for adequately securing the data to be outsourced.

Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

The purpose of this paper is to identify and analyze challenges and to discuss proposed solutions for innovative public governance through cloud computing. Innovative technologies, such as federation of services and cloud computing, can greatly contribute to the provision of e-government services, through scaleable and flexible systems. Furthermore, they can facilitate in reducing costs and overcoming public information segmentation. Nonetheless, when public agencies use these technologies, they encounter several associated organizational and technical changes, as well as significant challenges.

We followed a multidisciplinary perspective (social, behavioral, business and technical) and conducted a conceptual analysis for analyzing the associated challenges. We conducted focus group interviews in two countries for evaluating the performance models that resulted from the conceptual analysis.

This study identifies and analyzes several challenges that may emerge while adopting innovative technologies for public governance and e-government services. Furthermore, it presents suggested solutions deriving from the experience of designing a related platform for public governance, including issues of privacy requirements, proposed business models and key performance indicators for public services on cloud computing.

The challenges and solutions discussed are based on the experience gained by designing one platform. However, we rely on issues and challenges collected from four countries.

The identification of challenges for innovative design of e-government services through a central portal in Europe and using service federation is expected to inform practitioners in different roles about significant changes across multiple levels that are implied and may accelerate the challenges' resolution.

This is the first study that discusses from multiple perspectives and through empirical investigation the challenges to realize public governance through innovative technologies. The results emerge from an actual portal that will function at a European level.

As the size of the population is growing and the capacity of the planet Earth is limited, human beings are searching for sustainable and technology-enabled solutions to support society, ecology and economy. One of the solutions has been developing smart sustainable cities. Smart sustainable cities are cities as systems, where their infrastructure, different subsystems and different functional domains are virtually connected to the information and communication technologies (ICT) and internet via sensors and devices and the Internet of Things (IoT), to collect and process real-time Big Data and make efficient, effective and sustainable solutions for a democratic and liveable city for its various stakeholders. This chapter explores the concepts and practices of sustainable smart cities across the globe and explores the use of technologies such as IoT, Blockchain technology and Cloud computing, etc. their challenges and then presents a view on business models for sustainable smart cities.

The purpose of this paper is to evaluate the impact of the Digital Age on e-finance in five key areas: payment systems, cloud computing in financial services, valuation metrics for multisided platforms, quantum trading, cyber security – costs, benefits and protection.

It is an exhaustive review of technical developments and corporate practices in the area of electronic finance.

Electronic finance is a dominating force changing business models and systems in financial services. New developments are creating newer valuation metrics, and reinforcing the costs and benefits of security systems.

This review concludes by pointing out potential areas of advancement in the coming decades and the possible evolution of newer e-finance models based on developments in artificial intelligence (AI) and internet of things (IoT) and its implications for managerial finance.

This is a review of the impact of electronic finance over the past two decades. Looking back electronic finance has significantly transformed the activities of corporations. Looking forward, financial managers have to watch for two important technical developments of AI and IoT and its potential impact on finance.

Internet has changed radically in the way people interact in the virtual world, in their careers or social relationships. IoT technology has added a new vision to this process by enabling connections between smart objects and humans, and also between smart objects themselves, which leads to anything, anytime, anywhere, and any media communications. IoT allows objects to physically see, hear, think, and perform tasks by making them talk to each other, share information and coordinate decisions. To enable the vision of IoT, it utilizes technologies such as ubiquitous computing, context awareness, RFID, WSN, embedded devices, CPS, communication technologies, and internet protocols. IoT is considered to be the future internet, which is significantly different from the Internet we use today. The purpose of this paper is to provide up-to-date literature on trends of IoT research which is driven by the need for convergence of several interdisciplinary technologies and new applications.

A comprehensive IoT literature review has been performed in this paper as a survey. The survey starts by providing an overview of IoT concepts, visions and evolutions. IoT architectures are also explored. Then, the most important components of IoT are discussed including a thorough discussion of IoT operating systems such as Tiny OS, Contiki OS, FreeRTOS, and RIOT. A review of IoT applications is also presented in this paper and finally, IoT challenges that can be recently encountered by researchers are introduced.

Studies of IoT literature and projects show the disproportionate importance of technology in IoT projects, which are often driven by technological interventions rather than innovation in the business model. There are a number of serious concerns about the dangers of IoT growth, particularly in the areas of privacy and security; hence, industry and government began addressing these concerns. At the end, what makes IoT exciting is that we do not yet know the exact use cases which would have the ability to significantly influence our lives.

This survey provides a comprehensive literature review on IoT techniques, operating systems and trends.

Despite the ongoing calls for the incorporation of the cloud utility model, the effect of the cloud on elements of supply chain performance is still an evolving area of research. The purpose of this paper is to develop the architecture of a cloud-based supply chain management (C-SCM) ecosystem and explore how it enhances supply chain responsiveness (SCR).

First, the authors discuss the potential benefits that cloud computing can yield, compared to existing mature SCM information systems and solutions through a comprehensive literature review. The authors conceptualise SCR in terms of the level of visibility in the supply chain, supply chain flexibility and rapid detection and reaction to changes, and then the authors build the detailed architecture of a C-SCM system. The proposed ecosystem introduces a view of SCM and the associated practices when transferred to cloud environments. The potential to enhance SCR through the cloud is explored with scenarios on a case of supply chain operations in fashion retail industry.

The findings show that the proposed system can enhance all three dimensions of SCR. Implications for supply chain practice and how companies can migrate to a cloud supply chain are drawn.

Given that the development, creation and delivery of goods and services are increasingly becoming a joint effort of several parties in a supply chain, the authors contribute to the existing literature by introducing a comprehensive C-SCM system and show how companies can enhance their SCR.