Cloud Security Risk Management: A Critical Review

Damenu, Temesgen Kitaw; Balakrishna, Chitra

doi:10.1109/ngmast.2015.25

Cited by 20 publications

(14 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risks in context to Information Security are always uncertain and its mitigation process cannot be fully achieved until the objectives and strategies of the business are clear. Context establishment means to define the scope of all processes involved in the risk management and also sets the criteria to assess the tasks for the mitigation of risks [23]. The scope of risk management must be within limit of the organizational goals and objectives.…”

Section: Context Establishmentmentioning

confidence: 99%

Agent Based Information Security Framework for Hybrid Cloud Computing

2019

KSII TIIS

View full text Add to dashboard Cite

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB® fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

show abstract

Section: Context Establishmentmentioning

confidence: 99%

Agent Based Information Security Framework for Hybrid Cloud Computing

2019

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…The attacker (or attackers, as is the case in distributed denial-of service (DDoS) attacks) attacks typically flood servers, systems or networks with traffic by way of obliging the prevents legitimate users to consume inordinate quantities of finite system resources like memory, processor power, disk space or network bandwidth [20,21,23]. Consequently, this produces an intolerable system slowdown and leaves all of the victim cloud service perplexed and furious as to why the service isn't responding [9,12,19,42,43,73,77].…”

Section: Technical Issuesmentioning

confidence: 99%

Challenges of cloud computing use: A systematic literature review

et al. 2018

View full text Add to dashboard Cite

Background: In recent years, cloud computing has grown vastly. Cloud computing represents a new model for IT service delivery and it typically provides over-a-network, ondemand, self-service access, which is dynamically scalable and elastic, using pools of often virtualized resources. However, this new paradigm is facing diverse challenges from many fronts. Methods: We conducted a systematic literature review of potential challenges of cloud computing. Documents that described challenges of cloud computing were collected of routinely. We grouped identified challenges in taxonomy for a focused international dialogue on solutions. Results: Twenty-three potential challenges were identified and classified in three categories: policy and organizational, technical and legal. The first three categories are deeply rooted in well-known challenges of cloud computing. Conclusions: The simultaneous effect of multiple interacting challenges ranging from technical to intangible issues has greatly complicated advances in cloud computing adoption. A systematic framework of challenges of cloud computing will be essential to accelerate the use of this technology for working well in fact and in order to face with respect to mitigating IT-related cloud computing risks.

show abstract

“…Cloud Risks Classification. Cloud risks classification is not a well-defined scientific problem [2,21,22]. In [21] authors distinguish the following groups of risks: information security, operations management, change management, disaster recovery, service level management, interface management, regulations and legislation.…”

Section: State Of the Artmentioning

confidence: 99%

“…ENISA's list of risk scenarios and their categories include the following [1,22]: policy & organizational, technical, legal, etc. According to the information presented in [2], most of cloud security risks can be categorized using application and network levels, data storage risks, etc. We propose to use the following groups of risks: information, resource, organizational, financial, social, operational, reputation, legal.…”

Section: State Of the Artmentioning

confidence: 99%

See 1 more Smart Citation

Technology of computing risks visualization for distributed production infrastructures

2018

View full text Add to dashboard Cite

Scientific problems related to the classification, assessment, visualization and management of risks in the cloud environments have been considered. The analysis of the state-of-the-art methods, offered for these problems solving, has been carried out taking into account the specificity of the cloud infrastructure oriented on large-scale tasks processing in distributed production infrastructures. Unfortunately, not much of scientific and objective researches had been focused on the developing of effective approaches for cloud risks visualization providing the necessary information to support decision-making in distributed production infrastructures. In order to fill this research gap, this study attempts to propose a risks visualization technique that is based on radar chart implementation for multidimensional data visualization.

show abstract

Cloud Security Risk Management: A Critical Review

Cited by 20 publications

References 17 publications

Agent Based Information Security Framework for Hybrid Cloud Computing

Agent Based Information Security Framework for Hybrid Cloud Computing

Challenges of cloud computing use: A systematic literature review

Technology of computing risks visualization for distributed production infrastructures

Contact Info

Product

Resources

About