---

Nowadays businesses face multiple issues regarding new phenomena like cloud computing, which has a great business driver: with the minimisation of capital expenditure (CAPEX) on IT infrastructure and personnel the efficiency can be improved. Technically this is not a new invention, but it is changing the approach to the IT service, which become outsourced, highly adaptive and scalable. Of course the change in the technical landscape always implies security issues. Information security is not just a set of technical countermeasures: information security is also a business requirement. It will help to avoid financial loss, avoid bad reputation or increase trust among clients. The work shows the technical features and the security issues of cloud systems. It gives a global overview of information technology´s industrial security standards that are widely used internationally, such as ISO/IEC 27001:2013, PCI DSS and COBIT. It also shows some legal regulation in the field of IT security. In the last part the author is presenting the results of a field research which compares two possible risk analysis methods in the case of cloud computing.

---

Dr. Tamás Szádeczky graduated in engineering, in security politics and in information systems management. He wrote his PhD thesis about the regulation of IT security. He has been working in the field of information security since 2003 and he is a lecturer of the topic since 2008. He is a CISSP, CISM, CISA, PCI QSA and IRCA ISO 27001 lead auditor.

---