How to ensure Confidentiality, Integrity and Availability (CIA)?
Basically these procedures are implemented to tell people like administrators, users and operators, how to use products to ensure information security within the organizations and protect hardware, software and communications.
We describe some security industry standards, mechanisms of protection and prevention, at three levels: physical, personal and organizational.
One of the most important recommendations in the ENISA’s Cloud Computing Risk Assessment report is the Information Assurance Framework, a set of assurance criteria designed to assess the risk of adopting cloud services, compare different Cloud Provider offers, obtain assurance from the selected cloud providers, reduce the assurance burden on cloud providers.
This is an ENISA deliverable aiming to facilitate a knowledge transfer of IT Business Continuity issues to Small Medium Enterprises (SMEs).
The following list provides a set of Privacy and Data Protection issues that SMEs should be aware when adopting and/or migrating to cloud solutions.
Cloud Controls Matrix v3.0.1
Please consider filling out the following questionnaire to assist us in better serving the cloud computing community.
This guide wants to assist SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risk, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security.
SME Cloud Security Tool offers the functionality to rate the risks and opportunities and to generate a list of security questions to understand the main features of the cloud service under deployment. The tool can also calculate and visualise risks and opportunities, and consult the results into a customised set of security questions. Rate the security opportunities and the security risks below according to your organisation requirements.