8. Certifications Past and Future: A Future Model for Assigning Certifications that Incorporate Lessons Learned from Past Practices

Masooda Bashir (1), Carlo Di Giulio (2, 3), and Charles A. Kamhoua (4)

(1) School of Information Sciences, University of Illinois at Urbana-Champaign, Champaign, IL, USA

(2) Information Trust Institute, University of Illinois at Urbana-Champaign, Urbana, IL, USA

(3) European Union Center, University of Illinois at Urbana-Champaign, Champaign, IL, USA

(4) U.S. Army Research Laboratory, Network Sciences Division, Network Security Branch, Adelphi, MD, USA

Security certifications are widely used to demonstrate compliance with privacy and security principles, but over the last few years, new technologies and services – such as cloud computing applications – have brought new threats to the security of information, making existing standards weak or ineffective.

Three of the most highly regarded information technology security certifications used to assess cloud security are ISO/IEC 27001, SOC 2, and FedRAMP. ISO/IEC 27001 and SOC 2 have been used worldwide since 2005 and 2011, respectively, to build and maintain information security management systems or controls relevant to confidentiality, integrity, availability, security, and privacy within a service organization; FedRAMP was created in 2011 to meet the specific needs of the U.S. government in migrating its data to cloud environments.

This chapter describes the evolution of these three security standards and the improvements made to ...

Get Assured Cloud Computing now with the O’Reilly learning platform.
