| Existing Framework | Pros | Cons |
| --- | --- | --- |
| CSF | 1) Focuses on defense<br>2) Relevant to current threats | 1) Very complex<br>2) Does not readily fit the SME environment or cloud security environment |
| ENISA | 1) Stresses the critical aspect of monitoring and auditing<br>2) Plans for exits, including how data will be deleted and how service continuity will be maintained | 1) The framework is less relevant to enterprise cloud users due to its complexity and the fact that it is more significant to government clouds.<br>2) The framework does not account for challenges encountered by developing-country SMEs. |
| ISO 27001 | 1) Because it’s tried and tested, countries often use it as a basis on which to create a manual about security and what to do | 1) Like many of the ISO standards, it can be a bit daunting, and many smaller organizations are put off by the effort required to gain accreditation and the perception that it can be difficult to implement. |
| COSO Framework | 1) Effectiveness and efficiency of operations<br>2) Reliability of financial reporting<br>3) Compliance with applicable laws and regulations | 1) The COSO framework on its own does not solve the issues arising from security in the cloud. |