Nathalie Brender,Iliya Markov

DOI: https://doi.org/10.1016/j.ijinfomgt.2013.05.004

IF: 18.958

2013-10-01

International Journal of Information Management

Abstract:In today's economic turmoil, the pay-per-use pricing model of cloud computing, its flexibility and scalability and the potential for better security and availability levels are alluring to both SMEs and large enterprises. However, cloud computing is fraught with security risks which need to be carefully evaluated before any engagement in this area. This article elaborates on the most important risks inherent to the cloud such as information security, regulatory compliance, data location, investigative support, provider lock-in and disaster recovery. We focus on risk and control analysis in relation to a sample of Swiss companies with regard to their prospective adoption of public cloud services. We observe a sufficient degree of risk awareness with a focus on those risks that are relevant to the IT function to be migrated to the cloud. Moreover, the recommendations as to the adoption of cloud services depend on the company's size with larger and more technologically advanced companies being better prepared for the cloud. As an exploratory first step, the results of this study would allow us to design and implement broader research into cloud computing risk management in Switzerland.

information science & library science

Awatef Issaoui,Jenny Örtensjö,M. Sirajul Islam

DOI: https://doi.org/10.1186/s43093-023-00285-2

2023-12-15

Future Business Journal

Abstract:Abstract The adoption of cloud services offers manifold advantages to public organizations; however, ensuring data privacy during data transfers has become increasingly complex since the inception of the General Data Protection Regulation (GDPR). This study investigates privacy concerns experienced by public organizations in Sweden, focusing on GDPR compliance. A qualitative interpretative approach was adopted, involving semi-structured interviews with seven employees from five public organizations in Sweden. Additionally, secondary data were gathered through an extensive literature review. The collected data were analyzed and classified using the seven privacy threat categories outlined in the LINDDUN framework. The key findings reveal several significant privacy issues when utilizing public cloud services, including unauthorized access, loss of confidentiality, lack of awareness, lack of trust, legal uncertainties, regulatory challenges, and loss of control. The study underscores the importance of implementing measures such as anonymization, pseudonymization, encryption, contractual agreements, and well-defined routines to ensure GDPR compliance. The findings emphasize the importance of implementing measures such as anonymization, pseudonymization, encryption, contractual agreements, and well-defined routines to ensure GDPR compliance. Furthermore, this research highlights the critical aspect of digital sovereignty in addressing privacy challenges associated with public cloud service adoption by public organizations in Sweden.

Fotis Kitsios,Elpiniki Chatzidimitriou,Maria Kamariotou

DOI: https://doi.org/10.3390/su14031269

IF: 3.9

2022-01-24

Sustainability

Abstract:Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.

environmental sciences,environmental studies,green & sustainable science & technology

Mariam Kiran,Ming Jiang,Django Armstrong,Karim Djemame

DOI: https://doi.org/10.1109/dasc.2011.89

2011-01-01

Abstract:The principles of risk management have been introduced in grid computing to help document and anticipate certain risks and manage them to ensure job executions are successful. Clouds are more complex environments with further concerns like risk, trust, eco-efficiency, green, security or cost. In this paper we present ongoing research work to analyze and address the risk factor in clouds with the aim of optimizing cloud services. The main contribution of this work is the presentation of a methodology for performing risk assessment in cloud environments including the target use cases, risk identification, mitigation and monitoring. Together with the corresponding mitigation strategies, the methodology provides technological assurance that will lead to a high confidence of Cloud service consumers on one side, and a cost effective and reliable productivity of cloud Service/Infrastructure Providers on the other side. The design of the risk assessment framework and its software toolkit implementation are part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically. The paper presents some preliminary results on the risk assessment of a Service/Infrastructure Provider at the cloud service deployment stage.

Fredrick Kanobe,SP Sambo,Billy Mathias Kalema

DOI: https://doi.org/10.35970/jinita.v4i1.1292

2022-06-30

Journal of Innovation Information Technology and Application (JINITA)

Abstract:The study aimed at exploring the critical enablers to the development and usage of information security governance frameworks for cloud computing in Uganda. The study was motivated by the continuous information security governance challenges in the Public Cloud. The theoretical frameworks that underpinned this study included; Contingency management theory, the Risk Management framework, the Technological Organisational and Environmental (TOE) model and the Information Security Governance model. This study adopted a quantitative research approach to obtain data through a survey. Five key factors for information security governance were identified: a) Technological factors: flexibility, scalability, availability, agility, data protection governance, trust of cloud, data source, maintenance, data retention and policy. b) Organisation: size and structure of the organisation, top management support. c) Environmental factors: governance and regulation, marketing, vendor, resource availability, obsoleteness. d) Individual: user resistance, attitude, skills, belief and learnability. e) Risk management and control factors: risk assessment, disaster recovery, access and authorisation control, monitoring, auditing, and process risk control. The study contributes to theory and practice in information security. The developed framework and its accompanying model helped to inform public departments, organisational top management and information security strategies to avoid excessive information risks and potential regulatory compliance failures in public cloud. The study was inclined on subjective information security, which alone may not fully address all information security problems in a public cloud. Therefore, it is recommendable that future research studies on objective security in public cloud

Tarek Ali,Mohammed Al-Khalidi,Rabab Al-Zaidi

DOI: https://doi.org/10.1080/08874417.2024.2329985

2024-03-31

Journal of Computer Information Systems

Abstract:Cloud computing faces more security threats, requiring better security measures. This paper examines the various classification and categorization schemes for cloud computing security issues, including the widely known CIA trinity (confidentiality, integrity, and availability), by considering critical aspects of the cloud, such as service models, deployment models, and involved parties. A comprehensive comparison of cloud security classifications constructs an exhaustive taxonomy. ISO27005, NIST SP 800–30, CRAMM, CORAS, OCTAVE Allegro, and COBIT 5 are rigorously compared based on their applicability, adaptability, and suitability within a cloud-based hosting methodology. The findings of this research recommend OCTAVE Allegro as the preferred cloud hosting paradigm. With many security models available in management studies, it is imperative to identify those suitable for the rapidly expanding and dynamically evolving cloud environment. This study underscores the significant methods for securing data on cloud-hosting platforms, thereby contributing to establishing a robust cloud security taxonomy and hosting methodology.

computer science, information systems

Carlos Bendicho

DOI: https://doi.org/10.1007/978-3-030-80119-9_28

2021-06-19

Abstract:The present paper shows a proposal of the characteristics Cloud Risk Assessment Models should have and presents the review of the literature considering those characteristics in order to identify current gaps. This work shows a ranking of Cloud RA models and their degree of compliance with the theoretical reference Cloud Risk Assessment model. The review of literature shows that RA approaches leveraging CSA (Cloud Security Alliance) STAR Registry that have into account organizations security requirements present higher degree of compliance, but they still lack risk economic quantification. The myriad of conceptual models, methodologies and frameworks although based on current NIST SP 800:30, ISO 27001, ISO 27005, ISO 30001, ENISA standards could be enhanced by the use of techno-economic models like UTEM, created by the author, in order to conceive more simplified models for effective Risk Assessment and Mitigation closer to the theoretical reference model for Cloud Risk Assessment, available for all cloud models (IaaS, PaaS, SaaS) and easy to use for all stakeholders.

Networking and Internet Architecture,Cryptography and Security

Michalis Papamichael,Christos Dimopoulos,George Boustras,Marios Vryonides

DOI: https://doi.org/10.1016/j.ijcip.2024.100682

IF: 3.683

2024-05-09

International Journal of Critical Infrastructure Protection

Abstract:This paper investigates the views of practitioners on the decision-making influences and the transnational considerations affecting risk assessment (RA) for critical infrastructure (CI) and its protection (CIP). The investigation is based on a thematic analysis of the interviews of twelve RA practitioners. The analysis identified an overarching theme supporting the view that the team approach is the one true remedy to RA process shortcomings as well as five other themes: (1) the value of the human influence in RA; (2) transnationalism - an unfathomable notion; (3) consistency is no panacea to performance; (4) CI organizational RA-influencing forces; and (5) CI RA-enablers and impediments. The investigation suggests that the team approach to effective RA for CIP is considered as the absolute panacea in the eyes of practitioners although both insights from the current industry RA practice through the interviews themselves, and an investigation of relevant literature suggests that although this is warmheartedly recommended (a) there are no set rules and guidelines in its application, (b) it is not coordinated nor applied consistently, and (c) it is not an integral part of RA processes. Notwithstanding the reality that a team approach to RA for CIP is being contemplated by practitioners, albeit with lagging consistency and coordination, it is evident that additional research is necessary to broaden the understanding of its value.

engineering, multidisciplinary,computer science, information systems

Jamelia M. Anderson-Princen

DOI: https://doi.org/10.1007/s40804-022-00252-4

IF: 1.79

2022-06-21

European Business Organization Law Review

Abstract:Cloud applications are becoming central and critical to the delivery of financial services. Despite their significance, banks face increased exposure to transaction risks related to the use of cloud services and internal and external pressures to improve their risk management practices. In this study, we use a unique data set from a bank's cloud register to examine the effectiveness of internal governance on an ongoing cloud outsourcing transaction between a bank and cloud service provider. We employ structural equation modeling and a simple linear regression to test for transaction misalignment and causes of governance inefficiencies. We find that a strong degree of misalignment is largely due to poor design of internal controls and a weak control system that does not provide acceptable indications of residual risk likelihood. The findings indicate that cloud risks are driven not only by agency costs, but also by firm-specific risks which contribute to a number of transaction uncertainties and governance misalignment.

law,business

Gianfranco Elena,Christopher W. Johnson

DOI: https://doi.org/10.48550/arXiv.1509.06533

2015-09-22

Abstract:Cloud Computing services are increasingly being made available by the UK Government through the Government digital marketplace to reduce costs and improve IT efficiency; however, little is known about factors influencing the decision-making process to adopt cloud services within the UK Government. This research aims to develop a theoretical framework to understand risk perception and risk acceptance of cloud computing services. Study subjects (N=24) were recruited from three UK Government organizations to attend a semi- structured interview. Transcribed texts were analyzed using the approach termed interpretive phenomenological analysis. Results showed that the most important factors influencing risk acceptance of cloud services are: perceived benefits and opportunities, organization risk culture and perceived risks. We focused on perceived risks and perceived security concerns. Based on these results, we suggest a number of implications for risk managers, policy makers and cloud service providers.

Computers and Society

Abdalwali Lutfi,

DOI: https://doi.org/10.4192/1577-8517-v22_2

2022-03-04

The International Journal of Digital Accounting Research

Abstract:The Information Technology (IT) revolution that led to the development of cloud computing services and systems has brought numerous benefits to end users handling business through the Internet, particularly in the field of accounting information systems (AIS). Cloud-based accounting information systems (CB-AIS) enable firms to substantially reduce their investment in IT and have flexible access to an enormous group of current and scalable resources. CB-AIS enables small- and medium-sized enterprises (SMEs) to undertake basic bookkeeping responsibilities themselves instead of paying external auditors for the same services. In Jordan, however, current businesses are still in the infancy stage when it comes to CB-AIS adoption. Therefore, this study applied the Technology, Organization, and Environment model to examine CB-AIS adoption among SMEs in Jordan. Data collection was achieved using a structured survey questionnaire collected from 156 owners/managers of SMEs in Jordan through online means. The proposed research framework comprises six factors that influence intention to adopt CB-AIS (IACB-AIS). Based on the findings, the proposed hypotheses were supported in that the factors positively and significantly affect the IACB-AIS of SMEs in Jordan. Through examining an actual IACB-AIS case and highlighting the importance of its application, the study and its findings are expected to contribute to decision-makers and practitioners in the IT field.

Karim Djemame,Django J. Armstrong,Mariam Kiran,Ming Jiang

2011-01-01

Abstract:As the realization of Cloud computing environments advances from a simple and single private Cloud towards a more complex Cloud Service Ecosystem consisting of multiple coexisting public or hybrid Clouds, there are emerging high level concerns such as risk, trust, ecological, security, cost and legal factors that underpin the non-functional properties of the ecosystem. These concerns are beyond the traditional focus of providing functionalities at levels close to a single Cloud infrastructure such as hardware resource virtualization. In this paper we present ongoing research work to analyze and address the risk factor in such a Cloud Service Ecosystem for the purpose of optimizing Cloud service. The main contributions of the work are the design and implementation of an effective and efficient risk assessment framework (methodologies of risk identification, evaluation, mitigation and monitoring) for Cloud service provision. Together with the corresponding mitigation strategies, the framework provides technological assurance that will lead to a higher confidence of Cloud service consumers on one side and a cost-effective and reliable productivity of Cloud Service Provider (SP) and resources organized by individual Infrastructure Provider (IP) on the other side. The design of the risk assessment framework and its software toolkit implementation is part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically.

Xiaochen Liu,Chunhe Xia,Jiajin Cao,Jinghua Gao,Zhao Wei

DOI: https://doi.org/10.14257/ijsia.2014.8.6.32

2014-01-01

International Journal of Security and Its Applications

Abstract:Cloud services have become state of the art of resource sharing and interoperability among different service providers. The federated cloud seek to reduce costs and maximize efficiency, provide flexible and reliable services composed of various external cloud service and internal services, but this would introduce a risk of security due to outsourcing. For organization which provide an integrity cloud service must rely on SLA to illustrate the capacity of risk and performance, the various providers involved in the federations or services compositions should effectively distribute the organizational responsibilities and SLA. To solve the fears and deal with the threats associated with outsourcing, new method for selection of outsourcing cloud service providers(CSP) based on assessment of security and performance is urgently needed. This paper presents an approach on how to select the proper CSP to guarantee organizational SLA, which quantify the SLA terms and calculate a security weight, the organization can choose the appropriate CSP based on security weight, meanwhile minimize the business cost. This paper make contribution on modeling the capacity of the CSP, considering the business cost and historical performance. The proposed approach is validated through case study that shows selected CSP through our approach can best meet the organizational security and cost needs.

Ndukwe Ukeje,Jairo Gutierrez,Krassie Petrova

DOI: https://doi.org/10.1007/s10207-023-00797-6

2024-01-04

International Journal of Information Security

Abstract:The advent of new technologies and applications coupled with the COVID-19 pandemic tremendously increased cloud computing adoption in private and public institutions (government) and raised the demand for communication and access to a shared pool of resources and storage capabilities. Governments across the globe are moving to the cloud to improve services, reduce costs, and increase effectiveness and efficiency while fostering innovation and citizen engagement. However, information security and privacy concerns raised in the past remain significant to government adoption and utilisation of cloud computing. The study conducts a systematic literature review (SLR) using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) approach to examine information security and privacy as the fundamental challenges to government intention to adopt cloud computing. This study screened 758 articles and included 33 articles that revealed information security and privacy as critical factors and barriers to adopting cloud computing through a systematic evaluation (PRISMA approach). The combined two factors contributed 70% of the significant gaps to the cloud computing adoption challenges. In contrast, the individual contribution of information security and privacy as a significant gap to the challenges of cloud adoption yielded 9% and 12%, respectively. Furthermore, 9% of the authors recognised the need for a framework to address the challenges but could not attempt to develop the framework. The study contributes to the information security body of knowledge, PRISMA studies and provides direction in proposing strategies and frameworks to tackle information security and privacy challenges as future research.

computer science, information systems, theory & methods, software engineering

Rohani Rohan,Debajyoti Pal,Jari Hautamäki,Suree Funilkul,Wichian Chutimaskul,Himanshu Thapliyal

DOI: https://doi.org/10.1016/j.heliyon.2023.e14234

IF: 3.776

2023-03-01

Heliyon

Abstract:Information Security Awareness (ISA) is a significant concept that got considerable attention recently and can assist in minimizing the risks associated with information security breaches. Several measurement scales have been developed in this regard, as measuring users' ISA is paramount. Although ISA specific scales are very important, yet what methodological rigor they use in terms of initial conceptualization of ISA, data collection and analysis during the development, and scale validation of such scales are some unknown aspects. Therefore, we provide a comprehensive review of the existing ISA specific scales to address all the above concerns. A popular method, PRISMA, is utilized, and a total of 24 articles that match with criteria of this research are included for the final in-depth analysis. Also, a holistic evaluation framework is developed containing three phases and 19 criteria. Findings revealed that most studies treat ISA as a multi-dimensional construct, and ISA researchers rarely conduct both pilot testing and pre-text evaluation while validating and refining the initial scales. Additionally, several articles did not report some of the essential elements used for checking the rigor of factor analysis, and evidence for validities of the identified scales is inadequate. Consequently, existing ISA specific scales must be improved both in terms of the methodological thoroughness of the scale development procedure and their validities. Moreover, not only justifying why the development of a new scale is necessary, but also improving the quality of the existing scales by doing multiple iterations is significant in the future. Likewise, the inclusion of all the dimensions of ISA, while generating the initial items pool is an important aspect to be considered. A thorough discussion, recommendations for future research, conclusions, and study limitations are provided.

Hathal Salamah Alwageed,Ismail Keshta,Rafiq Ahmad Khan,Abdulrahman Alzahrani,Muhammad Usman Tariq,Anwar Ghani

DOI: https://doi.org/10.1371/journal.pone.0308971

IF: 3.7

2024-09-30

PLoS ONE

Abstract:The significance of cloud computing methods in everyday life is growing as a result of the exponential advancement and refinement of artificial technology. As cloud computing makes more progress, it will bring with it new opportunities and threats that affect the long-term health of society and the environment. Many questions remain unanswered regarding sustainability, such as, "How will widely available computing systems affect environmental equilibrium"? When hundreds of millions of microcomputers are invisible to each other, what will society look like? What does this mean for social sustainability? This paper empirically investigates the ethical challenges and practices of cloud computing about sustainable development. We conducted a systematic literature review followed by a questionnaire survey and identified 11 sustainable cloud computing challenges (SCCCs) and 66 practices for addressing the identified challenges. Interpretive structural modeling (ISM) and Artificial Neural Networks (ANN) were then used to identify and analyze the interrelationship between the SCCCs. Then, based on the results of the ISM, 11 process areas were determined to develop the proposed sustainable cloud computing challenges mitigation model (SCCCMM). The SCCCMM includes four main categories: Requirements specification, Quality of Service (QoS) and Service Legal Agreement (SLA), Complexity and Cyber security, and Trust. The model was subsequently tested with a real-world case study that was connected to the environment. In a sustainable cloud computing organization, the results demonstrate that the proposed SCCCMM aids in estimating the level of mitigation. The participants in the case study also appreciated the suggested SCCCMM for its practicality, user-friendliness, and overall usefulness. When it comes to the sustainability of their software products, we believe that organizations involved in cloud computing can benefit from the suggested SCCCMM. Additionally, researchers and industry practitioners can expect the proposed model to provide a strong foundation for developing new sustainable methods and tools for cloud computing.

Fatima A. Alali,Chia-Lun Yeh

DOI: https://doi.org/10.2308/isys-50229

2012-06-01

Journal of Information Systems

Abstract:ABSTRACT We provide an overview of cloud computing: evolution, benefits, and challenges. Then we examine the risk characteristics identified in accounting and auditing literature by comparing a hand-collected sample of cloud computing companies with a matched sample of non-cloud computing companies. The study uses a comprehensive set of factors used in accounting and auditing literature to describe client business risk, audit risk, and auditor-related risk. Unsurprisingly, the findings show that large companies in the historically high-risk information technology industries provide cloud computing. More interestingly, the results show that cloud computing is more leveraged, and more likely to have a material weakness and longer audit tenure. Cloud computing companies are also more likely to restate their financial statement after providing cloud technologies. Some of the risk variables we used in the study are not statistically significant in capturing the risks of cloud providers (e.g., security, privacy, availability, confidentiality). The study contributes to the literature in IT outsourcing in general, and in cloud computing more specifically. The study also responds to the recent call for insightful research in cloud computing.

business, finance

Gianfranco Elena,Christopher W. Johnson

DOI: https://doi.org/10.48550/arXiv.1509.06536

2015-09-22

Computers and Society

Abstract:Cloud computing is revolutionising the way software services are procured and used by Government organizations and SMEs. Quantitative risk assessment of Cloud services is complex and undermined by specific security concerns regarding data confidentiality, integrity and availability. This study explores how the gap between the quantitative risk assessment and the perception of the risk can produce a bias in the decision-making process about Cloud computing adoption. The risk perception of experts in Cloud computing (N=37) and laypeople (N=81) about ten Cloud computing services was investigated using the psychometric paradigm. Results suggest that the risk perception of Cloud services can be represented by two components, called dread risk and unknown risk, which may explain up to 46% of the variance. Other factors influencing the risk perception were perceived benefits, trust in regulatory authorities and technology attitude. This study suggests some implications that could support Government and non-Government organizations in their strategies for Cloud computing adoption.

Ahmed Meri,Mohammad Khatim Hasan,Mohammed Dauwed,Mu'taman Jarrar,Ali Aldujaili,Mohammed Al-Bsheish,Salah Shehab,Haitham Mohsin Kareem

DOI: https://doi.org/10.1371/journal.pone.0290654

IF: 3.7

2023-08-25

PLoS ONE

Abstract:The need for cloud services has been raised globally to provide a platform for healthcare providers to efficiently manage their citizens' health records and thus provide treatment remotely. In Iraq, the healthcare records of public hospitals are increasing progressively with poor digital management. While recent works indicate cloud computing as a platform for all sectors globally, a lack of empirical evidence demands a comprehensive investigation to identify the significant factors that influence the utilization of cloud health computing. Here we provide a cost-effective, modular, and computationally efficient model of utilizing cloud computing based on the organization theory and the theory of reasoned action perspectives. A total of 105 key informant data were further analyzed. The partial least square structural equation modeling was used for data analysis to explore the effect of organizational structure variables on healthcare information technicians' behaviors to utilize cloud services. Empirical results revealed that Internet networks, software modularity, hardware modularity, and training availability significantly influence information technicians' behavioral control and confirmation. Furthermore, these factors positively impacted their utilization of cloud systems, while behavioral control had no significant effect. The importance-performance map analysis further confirms that these factors exhibit high importance in shaping user utilization. Our findings can provide a comprehensive and unified guide to policymakers in the healthcare industry by focusing on the significant factors in organizational and behavioral contexts to engage health information technicians in the development and implementation phases.

Alexandre Verdet,Mohammad Hamdaqa,Leuson Da Silva,Foutse Khomh

2023-08-08

Abstract:Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools, allowing the community to conveniently manage and configure cloud infrastructure using scripts. However, the scripting process itself does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks. As a result, ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices. In order to understand how practitioners deal with this problem, in this work, we perform an empirical study analyzing the adoption of IaC scripted security best practices. First, we select and categorize widely recognized Terraform security practices promulgated in the industry for popular cloud providers such as AWS, Azure, and Google Cloud. Next, we assess the adoption of these practices by each cloud provider, analyzing a sample of 812 open-source projects hosted on GitHub. For that, we scan each project configuration files, looking for policy implementation through static analysis (checkov). Additionally, we investigate GitHub measures that might be correlated with adopting these best practices. The category Access policy emerges as the most widely adopted in all providers, while Encryption in rest are the most neglected policies. Regarding GitHub measures correlated with best practice adoption, we observe a positive, strong correlation between a repository number of stars and adopting practices in its cloud infrastructure. Based on our findings, we provide guidelines for cloud practitioners to limit infrastructure vulnerability and discuss further aspects associated with policies that have yet to be extensively embraced within the industry.

Cryptography and Security,Software Engineering