Cloud-GMR: A Qualitative Framework for Governance and Risk Management of Cloud-hosted Public Services
Abstract:
The rapid adoption of Cloud Computing in the last decade has promoted the development and innovation of IT services around the world. This includes the provision of on-demand hardware and software infrastructures, reducing administrative costs, and saving endless deployment efforts. However, public organizations are still reluctant to move towards this computing model due to inherent issues related to the loss of governance and increased IT risks. In this research, we introduce a straightforward 3-phase framework named Cloud-GMR for assisting the decision-making process of determining whether or not moving public services to the Cloud. Our proposal integrates COBIT v.5, ISO 27005 and OCTAVE-S methodologies into a unified qualitative framework for governance and risk management. The novelty of Cloud-GMR is the provision of guidelines for aligning business objectives, identifying migration requirements and assessing risks before adopting any Cloud strategy in the public sector. We also evaluate the applicability of our proposal inside an Ecuadorian public institution.
Año de publicación:
2020
Keywords:
- octave
- CLOUD COMPUTING
- iso 27005
- cobit
- Public Sector
- Governance
- Risk management
Fuente:
google
scopusTipo de documento:
Conference Object
Estado:
Acceso restringido
Áreas de conocimiento:
- Gestión de riesgos
- Computación en la nube
Áreas temáticas:
- Consideraciones generales de la administración pública
- Derecho laboral, social, educativo y cultural
- Programación informática, programas, datos, seguridad
