ICSEA 2015, The Tenth International Conference on Software Engineering Advances
Evaluation of a Security Service Level Agreement
Authors:
Chen-Yu Lee
Krishna M. Kavi
Keywords: service level agreement; SLA; security; SSLA; cloud computing
Abstract:
Data breaches are the most serious security breaks among all types of cybersecurity threats. While Cloud hosting services provide assurances against data loss, understanding the security service level agreements (SSLAs) and privacy policies offered by the service providers empowers consumers to assess risks and costs associated with migrating their information technology (IT) operations to the Cloud. We have developed ontologies to represent security SLAs so that consumers can understand cybersecurity threats, techniques for mitigating the risks, and their roles and responsibilities and those of the service provider in terms of protecting IT systems. Our ontological representation of security services offered by a provider allows the customer to evaluate the level of compliance with respect to federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA). In this paper, we also describe ways to quantitatively assess the strength of compliance and the quality of protections offered by an SSLA. We hope that our approach can lead to negotiated SSLAs.
Pages: 333 to 340
Copyright: Copyright (c) IARIA, 2015
Publication date: November 15, 2015
Published in: conference
ISSN: 2308-4235
ISBN: 978-1-61208-438-1
Location: Barcelona, Spain
Dates: from November 15, 2015 to November 20, 2015