Cloud Security Baseline Development Using OWASP, CIS Benchmarks, and ISO 27001 for Regulatory Compliance.

• Author(s): Iboro Akpan Essien ; Emmanuel Cadet ; Joshua Oluwagbenga Ajayi ; Eseoghene Daniel Erigha ; Ehimah Obuse
• Paper ID: 1710217
• Page: 250-260
• Published Date: 28-02-2019
• Published In: Iconic Research And Engineering Journals
• Publisher: IRE Journals
• e-ISSN: 2456-8880
• Volume/Issue: Volume 2 Issue 8 February-2019

Abstract

The increasing adoption of cloud computing across industries has heightened the need for robust, standardized security frameworks that align with regulatory requirements and best practices. This paper presents a comprehensive approach to developing a cloud security baseline by integrating the Open Web Application Security Project (OWASP) guidelines, Center for Internet Security (CIS) Benchmarks, and ISO 27001 standards. These frameworks collectively address application-layer vulnerabilities, system configuration hardening, and holistic information security management, enabling organizations to establish consistent and scalable security postures. By mapping control objectives and security measures across these standards, the proposed baseline ensures that critical assets are safeguarded against evolving cyber threats while maintaining compliance with diverse regulatory regimes. Emphasis is placed on harmonizing security controls to eliminate redundancy, improve operational efficiency, and facilitate easier audits. The integration of OWASP mitigates application-specific risks, CIS Benchmarks strengthens platform and service configurations, and ISO 27001 provides governance, risk management, and continuous improvement structures. The study underscores the importance of adopting a unified security baseline not only as a technical safeguard but also as a strategic enabler of trust, regulatory alignment, and operational resilience in multi-cloud and hybrid environments. This framework offers a practical pathway for enterprises to meet both security and compliance obligations in today’s complex digital landscape.

Keywords

Cloud Security, OWASP, CIS Benchmarks, ISO 27001, Regulatory Compliance

Citations

IRE Journals:
Iboro Akpan Essien , Emmanuel Cadet , Joshua Oluwagbenga Ajayi , Eseoghene Daniel Erigha , Ehimah Obuse "Cloud Security Baseline Development Using OWASP, CIS Benchmarks, and ISO 27001 for Regulatory Compliance." Iconic Research And Engineering Journals Volume 2 Issue 8 2019 Page 250-260

IEEE:
Iboro Akpan Essien , Emmanuel Cadet , Joshua Oluwagbenga Ajayi , Eseoghene Daniel Erigha , Ehimah Obuse "Cloud Security Baseline Development Using OWASP, CIS Benchmarks, and ISO 27001 for Regulatory Compliance." Iconic Research And Engineering Journals, 2(8)