Abstract
In recent years, cloud computing has become increasingly integral to organizational operations due to its scalability, accessibility and cost effectiveness in managing data and resources. However, the rise in security threats and attacks on cloud environments necessitates having robust measures in place to protect data confidentiality, integrity and availability. This paper presents an optimized approach to cloud information security management by reviewing the current threat landscape, evaluating key risk management frameworks, and provided practical solutions for enhancing enterprise cloud security. The study examined three leading cloud security frameworks: the Cloud Controls Matrix (CCM) known for its cloud-specific controls, the NIST Cybersecurity Framework (CSF) valued for its flexibility, and ISO/IEC 27001 & 27017 recognized for their comprehensive approach to security management. Additionally, an implementation guide is provided to help organizations apply these frameworks effectively to mitigate security risks in cloud environments. We also outlined an integrated security culture, technical controls and policy framework designed to enhance the security posture of organizations that rely on cloud services. Overall, this study provides actionable strategies that organizations can implement for enterprise cloud security and provides a comprehensive roadmap for achieving resilient and effective risk mitigation in cloud environments.
Included in
Information Security Commons, Management Information Systems Commons, Other Computer Sciences Commons, Technology and Innovation Commons