Certifications Past and Future: A Future Model for Assigning Certifications that Incorporate Lessons Learned from Past Practices

Masooda Bashir, Carlo Di Giulio, Charles A. Kamhoua

Research output: Chapter in Book/Report/Conference proceeding › Chapter


Security certifications are widely used to demonstrate compliance with privacy and security principles, but over the last few years, new technologies and services – such as cloud computing applications – have brought new threats to the security of information, making existing standards weak or ineffective.

Three of the most highly regarded information technology security certifications used to assess cloud security are ISO/IEC 27001, SOC 2, and FedRAMP. ISO and SOC 2 have been used worldwide since 2005 and 2011, respectively, to build and maintain information security management systems or controls relevant to confidentiality, integrity, availability, security, and privacy within a service organization; FedRAMP was created in 2011 to meet the specific needs of the U.S. government in migrating its data to cloud environments.

This chapter describes the evolution of these three security standards and the improvements made to them over time to cope with new threats, and focuses on their adequacy and completeness by comparing them to each other. Understanding their evolution, resilience, and adequacy sheds light on their weaknesses and thus suggests improvements needed to keep pace with technological innovation.
Original language: English (US)
Title of host publication: Assured Cloud Computing
Editors: Roy H. Campbell, Charles A. Kamhoua, Kevin A. Kwiat
Publisher: Wiley-IEEE Press
ISBN (Electronic): 9781119428497
ISBN (Print): 9781119428633
State: Published - Dec 20 2018


  • American Institute of Certified Public Accountants
  • Service Organization Control
  • Payment Card Industry Security Standard Council
  • information technology security certifications
  • cloud technology
  • Cloud Security Alliance

