The framework development process is mainly guided by a combination of theories, industry standards and methodologies. Figure 3.1 provides an insight into the steps used in the methodology for framework development.
Figure 3.1: Methodology for Framework Development
3.2.1 Step 1: Literature Review
The first step applies a methodology for reviewing the existing literature. It is carried out to identify, analyse and summarise the current state-of-the-art literature on methods and approaches for enabling cloud security transparency. Evidence from the literature is used to outline the techniques adopted for developing CSTF, and to address the research questions, aims and objectives.
3.2.2 Step 2: Framework Development
The second step deals with the development of CSTF, which incorporates a set of concepts, a unified process and tool support for performing an audit. The concepts constitute and provide the high-level foundation for understanding security transparency from conceptual, organisational and technical perspectives. The process describes the different phases of activities that any organisation can follow to achieve security transparency. Lastly, the security transparency and audit tool (STAT) is specifically designed to support organisations in using security audit as a means of achieving security transparency.
In developing the framework, several techniques, theories and standards are employed to ensure that it is developed and implemented according to generally accepted principles. In particular, sections from renowned industry standards, guidelines, frameworks and models were applied across different activities within the process, by examining specific features of each standard and where they can be applied in the process. The following sections provide an insight into the techniques and standards used:
3.2.2.1 Secure Tropos
The proposed framework needed to be developed on the basis of a standard methodology, and for that reason Secure Tropos was considered (Mouratidis and Giorgini, 2007). Secure Tropos is an agent-oriented software development methodology that covers the development process from initial requirements analysis to detailed design, allowing a greater understanding of the operational environment of a software system (Bresciani et al., 2004). Therefore, the research follows a set of concepts, such as actors, constraints and goals, taken from Secure Tropos (Mouratidis and Giorgini, 2007). Secure Tropos uses the concepts of actors, goals and social dependencies to define and view a multi-agent system as a set of actors, with their social dependencies, within an organisational setting (Giorgini et al., 2007). The research extends Secure Tropos with new concepts, namely evidence, risk and audit, in order to develop the proposed framework. Secure Tropos was chosen because it is well suited to modelling security requirements and provides an in-depth analysis of security issues from the perspective of an organisation and its social setting. The concepts of Secure Tropos and those proposed in our approach are integrated to enable the identification of goals and assets and the assessment of CSP evidence.
3.2.2.2 Ontology and Semantic Web Language
An ontology is a formal specification that allows the explicit conceptualisation of ideas representing the abstract model of a phenomenon (Maedche and Staab, 2001). It enables the construction of knowledge and provides the advantage of representing knowledge as organised metadata for complex information resources (McGuinness and Van Harmelen, 2004). The metadata provides semantic information about resources, which are encoded as instances. The proposed framework comprises various concepts that represent abstract ideas in the domain knowledge of transparency. An ontology is used to provide an explicit, knowledge-based understanding of the attributes, relationships, restrictions and rules that hold between these concepts.
3.2.2.3 Industry Standards
Renowned industry standards, guidelines, frameworks, methodologies and models were followed in developing the framework, some of which include:
CSA CCM: is used because it provides a set of controls embodying fundamental security principles that help cloud computing customers and vendors achieve security relating to information asset protection in the cloud industry (Cloud Security Alliance, 2017a). The CCM was adopted to specify the essential security requirements for asset protection that must be met by the CSP, and these form the basis of a security audit.
CSA CAIQ: provides a template questionnaire containing a set of questions that auditors can use to assess the security capabilities of a CSP (Cloud Security Alliance, 2017b). CAIQ is used to create the security audit checklist for obtaining assertions and evidence from CSPs.
CIS CSC: is designed to help organisations safeguard their assets. It consists of critical and actionable controls designed to defend organisations against known attacks, achieve a higher overall cybersecurity defence, and implement a coherent security programme.
ENISA Cloud Controls: provides a guide for assessing organisations' CSP-oriented security risks, and focuses on control measures that protect cloud computing systems against operational risks (ENISA, 2016).
ISAE 3402 Standards: provide guidelines for the conduct and performance of a security audit according to established criteria and procedures (ISAE500). This standard is employed in establishing the audit criteria for assessing CSP evidence.
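The following is an added illustration, not the thesis's own code or STAT, of how the Secure Tropos concepts (actors, goals, constraints) extended with evidence, risk and audit could be combined with a CCM-style control checklist: each security constraint on the CSP actor is tied to a control id, and an audit marks a constraint as supported only when valid evidence exists for that control, otherwise as a residual risk. All control ids, actors and evidence are constructed sample values, not real CCM identifiers.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Constraint:
    """Secure Tropos security constraint on an actor, mapped to a control id."""
    name: str
    control_id: str  # constructed placeholder id, not a real CCM identifier


@dataclass
class Evidence:
    """Evidence obtained from the CSP for a control (e.g. a CAIQ answer)."""
    control_id: str
    source: str
    valid: bool  # False if the evidence is expired, unverifiable or missing


@dataclass
class Actor:
    name: str
    goals: List[str]
    constraints: List[Constraint] = field(default_factory=list)


def audit(actor: Actor, evidence: List[Evidence]) -> Dict[str, object]:
    """Check every constraint against the evidence; unsupported ones are risks."""
    by_control: Dict[str, List[Evidence]] = {}
    for e in evidence:
        by_control.setdefault(e.control_id, []).append(e)
    supported, risks = [], []
    for c in actor.constraints:
        if any(e.valid for e in by_control.get(c.control_id, [])):
            supported.append(c.name)
        else:
            risks.append(c.name)
    # The actor is transparent for this audit only if no constraint lacks evidence
    return {"actor": actor.name, "supported": supported,
            "risks": risks, "transparent": not risks}


# Constructed sample data: a CSP actor with three constraints and partial evidence
CSP = Actor("CSP", goals=["provide storage service"], constraints=[
    Constraint("encrypt data at rest", "CTRL-EKM-01"),
    Constraint("log administrative access", "CTRL-LOG-01"),
    Constraint("notify customers of incidents", "CTRL-IR-01"),
])
SAMPLE_EVIDENCE = [
    Evidence("CTRL-EKM-01", "CAIQ answer", True),
    Evidence("CTRL-LOG-01", "audit report", False),  # expired report
]


def sample_audit() -> Dict[str, object]:
    return audit(CSP, SAMPLE_EVIDENCE)
```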
3.2.3 Step 3: Research Validation
An empirical research method is selected for implementing and validating the contributions of this research. According to Runeson and Höst (2009), empirical studies are increasingly popular in information systems research because they have proven to be an effective method of collecting relevant data for investigating a specific problem in information systems. Therefore, a case-study approach was employed to validate the contributions of this research. The case-study approach is widely used in research because it is useful for explanatory research projects and serves as the basis for developing well-structured research findings (Straub et al., 2004). The rationale for employing a case study is to obtain meaningful feedback on the validity of CSTF, as well as stakeholders' views on the usefulness of STAT, and then to analyse that feedback to determine the acceptability and validity of the proposed framework.
3.2.3.1 Technology Acceptance Model
In formulating and evaluating the questionnaire used to collect stakeholders' feedback, we use the well-known Technology Acceptance Model (TAM) (Davis, 1989) and the Unified Theory of Acceptance and Use of Technology (UTAUT) (Venkatesh et al., 2003). TAM deals with predicting how a newly developed information system will be adopted by users within an environment, in order to determine its acceptability in a given context and the modifications needed to make it acceptable to all users. The authors maintained that the acceptability of any information system is determined by two major factors: perceived usefulness and perceived ease of use. Perceived usefulness is the degree to which a person believes that using a system will improve his or her performance (Davis, 1989). Perceived ease of use refers to the degree to which an individual believes that the use of a system will improve performance. UTAUT, on the other hand, proposes four constructs, namely performance expectancy, social influence, effort expectancy and facilitating conditions, as direct determinants of usage intention and behaviour (Karahanna and Straub, 1999). TAM and UTAUT were therefore selected because their constructs are related, which makes them suitable for evaluating the feedback.