A Semantic Ontology based Concept for Measuring Security Compliance of Cloud Service Providers?

Cloud computing is Internet-based computing, whereby shared resources, software and information, are provided with computers and devices on-demand. It also makes security problems more complicate and more important for Cloud Service Provider (CSP) and consumer than before. International standard organizations issue security-related standards and guidance which can be used in cloud environment such as ISO/IEC 27001. This research explores the possibility to measure security compliance for data breaches threat based semantic similarity measure between the documents of international standard compliments and CSP response against data breaches threat. We developed a model for that purpose. Our model consists of three stages: (1) Extracting ontology concepts of CC threat (2) Extracting ontology concepts of CSP (3) Matching Process among the both ontology concepts. The matching process has done by using semantic similarity measure. Also during our study, we collected and studied many documents and reports that discussed data breaches threat. Then we classified it into group of (Control Area), identify the items that cover each control area. Also tested 5 CSPs to measure their security compliance by collection their data related to each control area; then convert it into text file in order extracting ontology concepts.