Business alignment of information security

Nowadays businesses face multiple issues regarding new phenomena like cloud computing, which has a great business driver: with the minimisation of capital expenditure (CAPEX) on IT infrastructure and personnel the efficiency can be improved. Technically this is not a new invention, but it is changing the approach to the IT service, which become outsourced, highly adaptive and scalable. Of course the change in the technical landscape always implies security issues. Information security is not just a set of technical countermeasures: information security is also a business requirement. It will help to avoid financial loss, avoid bad reputation or increase trust among clients. The work shows the technical features and the security issues of cloud systems. It gives a global overview of information technology¿s industrial security standards that are widely used internationally, such as ISO/IEC 27001:2013, PCI DSS and COBIT. It also shows some legal regulation in the field of IT security. In the last part the author is presenting the results of a field research which compares two possible risk analysis methods in the case of cloud computing.