Foundations for a trustworthy data security level agreement capability framework


Bibliographic Details
Main Author: Nugraha, Y
Other Authors: Martin, A
Format: Thesis
Language: English
Published: 2017
Description
Summary: After the publication of secret documents by a former U.S. NSA contractor Edward Snowden, many governments around the world have been hesitant to procure external information system services provided by global cloud service providers, such as Amazon Web Services, Microsoft, and Google Cloud. There is a growing concern about preserving the confidentiality of sensitive data across government agencies when using such external services. The use of certification schemes is becoming more critical to assure the security of services offered. This situation is problematic because many certification schemes aim to demonstrate compliance with a security standard, rather than achieve a specified level of security. Despite the benefits of security certification schemes like Common Criteria (CC), an assurance-based certification process does not scale well to service provision.

This thesis aims to investigate the concept of system assurance and trustworthiness in service provisioning, especially when government agencies procure external information system services to support the delivery of public services. By using work on the Indonesian Government’s data confidentiality requirements, this thesis develops principles as foundations for a trustworthy data security level agreement (TDSLA) capability framework as a new assurance mechanism for service provisioning based on discrete levels of security assurance incorporated into the formulation of a service level agreement (SLA). The principles which have emerged from the empirical qualitative data collection were evaluated and validated using three approaches, namely: 1) reflection against related work; 2) testimonial validity through participants’ feedback; and 3) application of transferability using cases from Amazon Web Services - UK Government Cloud (AWS G-Cloud) and the US Federal Risk and Authorization Management Program (AWS FedRAMP).

The thesis claims three contributions (methodological, empirical and conceptual) towards the stated research question and sub-research questions. The first contribution is developing and conducting an adaptive Wideband Delphi method to engage with elite participants as well as minimise barriers to completing data collection activities. An additional methodological contribution is the application of grounded theory to the Delphi study results as a means of providing a theoretical understanding of the specific categories as components of principles and framework. The second contribution is developing a foundation for future research by providing various understandings of government security needs, government SLA data confidentiality requirements, and service provision for data confidentiality in SLAs. The third contribution is developing and validating principles as foundations for a TDSLA capability framework. The key inspiration for building the proposed framework is the CC certification process. The CC aims to certify levels of security for products while the TDSLA capability framework aims to certify levels of security for services.