SLA based Information Security Metrics in Cloud Computing

Cloud Computing provides a scalable, high availability and low cost services over the internet. Security and privacy concerns have been creating obstacles for the enterprise to entirely shift to cloud. The increase security risks are required to be identified to assist Cloud customers and Cloud Service Providers (CSP) for better information technology (IT) governance.ISO/IEC 27001:2005 and NIST SP 800-53 Rev.3 are most widely used by the CSPs to mitigate Cloud risks. The metrics are the best tool to take good decisions on the base of qualitative and quantities analysis, efficiency and effectiveness of the implemented standard.Service Level Agreement (SLA) is a contractual document signed between Cloud customer and CSP and due to rapid growth in Cloud Computing, continuous monitoring of SLA is required to measure the performance of the CSP.The research used Goal Question Metric (GQM) framework for the selection of SLA based Information Security metrics. Keeping in view metrics selection process, 42 Information Security metrics for the measurement of security and to monitor the performance of Cloud Computing services were identified and proposed.