Security framework for adapting user requirements for multiple application levels

Abstract

Small and medium-sized enterprises (SMEs) were able to operate new services if they met the standards after receiving security reviews before building new services and implementing services. Before launching services, service providers—including small and medium-sized enterprises—conduct their own security reviews. However, due to various environmental changes and practical constraints, it is not always possible to meet all of the specific requirements of every department within the company, including the cloud. Existing studies have been conducted to improve the items of the security review checklist and verify its effectiveness, but there are insufficient studies to analyze and synthesize actual case results. Therefore, this paper analyses the results of the security review for the entire process from planning to operation of the system and service in operation and proposes an appropriate review and proceeding plan from the security practitioner’s point of view.