Title: IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach

Year of Publication: 2013
Page Numbers: 56-68
Authors: Gunnar Wahlgren, Stewart Kowalski
Conference Name: The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC2013)
- United Arab Emirates


We combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework and we claim that IT Security Risk Management framework exist at each organizational levels. In this paper we concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. We present a first draft to an IT Security Risk Escalation Capability Maturity Model based on ISACA´s Risk IT Framework. Finally we will use our approach in a cloud computing environment as we believe that it is necessary to react fast on incident and therefore a need to have a well-documented and communicated monitoring and escalation processes between different organizational levels.