Assessing information security risks in the cloud: A case study of Australian local government authorities
Ali, O., Shrestha, A., Chatfield, A., & Murray, P. (2020). Assessing information security risks in the cloud: A case study of Australian local government authorities. Government Information Quarterly, 37(1), 101419.
This study explores key factors related to the information security requirements of cloud services in regional Australian local government environments and proposes a conceptual model of cloud computing security requirements. The article first briefly introduces cloud computing and its application in government operations, and then uses ten empirically verified factors to determine the security requirements for cloud computing in government departments. After analysis and statistics, the article proposes four components of the cloud computing security requirements model – data security; risk assessment; legal and compliance requirements; and business and technical requirements. The second half of this study adds readers’ academic insights and advantages to the application of cloud computing security to local government departments through a detailed analysis of each component. The main limitation of this article is that it only focuses on the needs of government departments for cloud computing security. It may be more targeted, but the angle is not suitable for readers other than government departments or large enterprises. Therefore, this article is sufficient to discuss the application of cloud computing by enterprises, but it lacks guidance for SME users. At the same time, it also needs to discuss cloud service providers in specific cloud computing application scenarios to ensure more comprehensive security.