Evaluation of Security Service Level Agreements

Authors: 
Chen-Yu Lee and Krishna Kavi
Keywords: 
Security Service Level Agreements, Ontologies, Vulnerabilities HiTRUST, HiPAA
Abstract: 

Data breaches are the most serious security breaks among all types of cybersecurity threats. While Cloud hosting services provide assurances against data loss, understanding the security service level agreements (SSLAs) and privacy policies offered by the service providers empowers consumers to assess risks and costs associated with migrating their information technology (IT) operations to the Cloud. We have developed ontologies to represent security SLAs so that consumers can understand cybersecurity threats, techniques for mitigating the risks, and their roles and responsibilities and those of the service provider in terms of protecting IT systems. Our ontological representation of security services offered by a provider allows the customer to evaluate the level of compliance with respect to federal regulations such as Health Insurance Portability and Accountability Act (HIPAA). In this paper, we also describe ways to quantitatively assess the strength of compliance and the quality of protections offered by an SSLA. We hope that our approach can lead to negotiated SSLAs.

Publish Date: 
Sunday, November 15, 2015
Venue: 
Tenth International Conference on Software Engineering Advances (ICSEA 2015)
Paper URL: 
csrl.unt.edu/kavi/Research/ICSEA2015.pdf