Danciu, V., Hommel, W., Lindinger, T., gentschen Felde, N. (2008):
Adaptive defense measures against the security hazards induced by systems virtualisation
The explosive proliferation of systems virtualisation supports a more adaptive delivery of IT services. In the area of security management, however, virtualisation carries beneficial as well as detrimental implications. As the business management is held liable for financial damage caused by IT security incidents, e.g. due to the BASEL II and SOX regulations, security measures are no longer a task which is exclusively hand led by the IT staff. Governance, Risk, and Compliance (GRC) frameworks focus the support of these three business critical management areas on the strategic level.
In this paper, we analyse and classify new hazards that are due to the additional degrees of freedom introduced by systems virtualisation.