🤖 AI Summary
This paper addresses the fragmentation of information security governance and insufficient standard alignment in cloud computing environments. Methodologically, it proposes a layered security operations reference framework that integrates cloud service models (IaaS/PaaS/SaaS) with mainstream security frameworks (ISO/IEC 27001 and the OWASP Cloud Security Guidelines), and—novelty—systematically unifies cloud-native architectural characteristics with Secure SDLC practices to establish an actionable security governance pathway across public cloud, private cloud, and all three cloud service layers. The core contribution is a structured cloud security operations checklist and a control-mapping matrix that jointly aligns regulatory compliance requirements and risk mitigation objectives. This dual-dimension alignment significantly enhances security controllability and accelerates standards implementation during cloud migration.
📝 Abstract
Information Security in Cloud Computing environments is explored. Cloud Computing is presented, security needs are discussed, and mitigation approaches are listed. Topics covered include Information Security, Cloud Computing, Private Cloud, Public Cloud, SaaS, PaaS, IaaS, ISO 27001, OWASP, Secure SDLC.