Risk Management of New Technologies
This work is licensed under a Creative Commons Attribution 4.0 International License.
The copyright to this article is transferred to the University of Public Service Budapest, Hungary (for U.S. government employees: to the extent transferable) effective if and when the article is accepted for publication. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The author warrants that this contribution is original and that he/she has full power to make this grant. The author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors.
An author may make an article published by University of Public Service available on a personal home page provided the source of the published article is cited and University of Public Service is mentioned as copyright holder
Abstract
Nowadays businesses face multiple issues regarding new phenomena like cloud computing, which is a great business impetus: with the minimization of capital expenditure (CapEx) on IT infrastructure and personnel the efficiency can be improved. Technically this is not a new invention, but it is changing the approach to IT service, which has become outsourced, highly adaptive and scalable. Of course, the change in the technical landscape always implies security issues. Information security is not just a set of technical countermeasures: it is also a business requirement. It will help to avoid financial loss, avoid bad reputation or increase trust among clients.
The article analyses business alignment of information security in the case of cloud services. It shows the results of research, where the theoretical and practical issues of risk assessment-based business decision support were analysed and proved. Its finding was that there are cases when we can do examination, but general automatized tools are inadequate. However specialized tools and sometimes third party certifications should give more support.