A Study of Implementing an Information Security Management System for Open Source Cloud Computing

An Information Security Management System (ISMS) contains a coordinated set of activities, processes, controls, and policies with the purpose of protecting and managing the information assets within an organization. In this paper we present the way in which an ISMS as specified in the ISO 27001 can be applied for the cloud and implemented on our test platform based on SlapOS, the first open source provisioning and billing system for distributed cloud computing. The goal of this paper is to demonstrate a new and easier way to manage security for the cloud, with a specific focus on distributed cloud computing. We will present the results measured by applying ISMS controls for ensuring levels of QoS and SLA according to contracts, moreover also optimizing the costs and resources used by the cloud platform.