Abstract—Computing technology has been evolution to cloud technology nowadays. Cloud computing has scalability on providing network access to a shared pool computing resources and applications with quick provisioning process and minimum effort. A Cloud service provider (CSP) is a third-party vendor that provides application delivery, hosting, monitoring, and other services through cloud computing (Horwath, 2012). Cloud service in an IT function still requires standard and frameworks. Company PT. Media Andalan Bersama, as a CSP, needs to understand the standards and frameworks that obtain IT governance in a cloud environment. There are some challenges in cloud computing regarding privacy, confidentiality and security of data and threat to business continuity. Several popular IT Governance and Standards Frameworks are COSO, COBIT, ITIL, and ISO 27001/9000. Applying COSO ERM framework to the business processes in cloud providers provide comprehensive view of risks, benefits and action plan options.

Index Terms—cloud computing, risk management; COSO ERM, cloud service provider

Cite: Jarot S. Suroso, Harisno and Johan Noerdianto, "Implementation of COSO ERM as Security Control Framework in Cloud Service Provider" Journal of Advanced Management Science, Vol. 5, No. 4, pp. 322-326, July 2017. doi: 10.18178/joams.5.4.322-326