IT Security Risk Management of Cloud Computing Services in Critical Infrastructures

Please use this identifier to cite or link to this item:
Open Access logo originally created by the Public Library of Science (PLoS)
Title: IT Security Risk Management of Cloud Computing Services in Critical Infrastructures
Authors: Adelmeyer, Michael
Thesis advisor: Prof. Dr. Frank Teuteberg
Thesis referee: Prof. Dr. Oliver Thomas
Abstract: Due to the considerable advantages of cloud computing, such as cost efficiency, flexibility, and scalability, the technology has transformed the means of IT service provisioning. To realize the proclaimed benefits, critical infrastructure providers, as the backbone of societal life, increasingly deploy their IT services, processes, and functions in cloud environments. However, as the control over the underlying cloud infrastructure and the corresponding security measures is delegated to the cloud provider, the outsourcing to cloud environments exposes critical infrastructures to security risks. This is especially crucial since critical infrastructures highly rely on IT systems for dependable service provisioning. In addition, each cloud deployment is afflicted with individual risks depending on the selected cloud service and deployment model. Due to the strict requirements and regulations regarding the IT security of their landscapes, the management of IT security risks related to the adoption of cloud services is of significant importance for critical infrastructures. Thus, the objective of this thesis is to examine the IT security risk management of cloud services in critical infrastructures. For this purpose, frameworks, conceptual models, prototypical tools, action recommendations, and implications are developed. Besides the investigation of the status quo of cloud computing service adoption in German critical infrastructures, implications and methods for an adequate management of IT security and the corresponding risks resulting from the adoption of cloud computing services are derived. Further, in the context of the interaction between critical infrastructure and cloud computing service providers, the role of trust is examined. In addition, frameworks and prototypes for a tool support for the IT security risk management of cloud services in critical infrastructures are developed. As an underlying analytical framework, a multi-method approach is chosen to examine the field from a behavioral- as well as a design-oriented perspective by applying various qualitative and quantitative research methods. The results of this dissertation can support decision makers and researchers in the field of the IT security risk management of cloud computing services in critical infrastructures.
Subject Keywords: IT Security; IT Risk Management; Cloud Computing; Critical Infrastructures; Trust; Privacy
Issue Date: 27-Feb-2020
License name: Attribution-NonCommercial-NoDerivs 3.0 Germany
License url:
Type of publication: Dissertation oder Habilitation [doctoralThesis]
Appears in Collections:FB09 - E-Dissertationen

Files in This Item:
File Description SizeFormat 
thesis_adelmeyer.pdfPräsentationsformat1,23 MBAdobe PDF

This item is licensed under a Creative Commons License Creative Commons