Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Yeng, Prosper Kandabongee; Wolthusen, Stephen D.; Yang, Bian

doi:10.14569/ijacsa.2020.0111194

Cited by 13 publications

(4 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The STRIDE is the best technique for mitigating threats in cybersecurity, with a value of 59, followed by QTMM (57), CVSS (51), PASTA (50) and PnG (47). This corroborates the findings by Yeng et al [37], which show that STRIDE gathers high-level security requirements for cloud computing. However, Attack Tree and HTMM have the same value of 46, followed by LINDDUN (45), OCTAVE (44) and Trike (43).…”

Section: Comparative Analysis Of Threat Modeling Techniquessupporting

confidence: 92%

Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques

Awodele,

Ogbonna,

Ogu

et al. 2024

ATAIML

View full text Add to dashboard Cite

Advancements in information technology have significantly enhanced productivity and efficiency through the adoption of cloud computing, yet this adoption has also introduced a spectrum of security threats. Effective cybersecurity mitigation strategies are imperative to minimize the impact on cloud infrastructure and ensure reliability. This study seeks to categorize and assess the risk levels of cybersecurity threats in cloud computing environments, providing a comprehensive characterization based on eleven major causes, including natural disasters, loss of encryption keys, unauthorized login access, and others. Using fuzzy set theory to analyze uncertainties and model threats, threats were identified, prioritized, and categorized according to their impact on cloud infrastructure. A high level of data loss was revealed in five key features, such as encryption key compromise and unauthorized login access, while a lower impact was observed in unknown cloud storage and exposure to sensitive data. Seven threat features, including encryption key loss and operating system failure, were found to significantly contribute to data breaches. In contrast, others like virtual machine sharing and impersonation, exhibited lower risk levels. A comparative analysis of threat mitigation techniques determined Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE) as the most effective methodology with a score of 59, followed by Quality Threat Modeling Methodology (QTMM) (57), Common Vulnerability Scoring System (CVSS) (51), Process for Attack Simulation and Threat Analysis (PASTA) (50), and Persona non-Grata (PnG) (47). Attack Tree and Hierarchical Threat Modeling Methodology (HTMM) each achieved 46, while Linkability, Identifiablility, Nonrepudiation, Detectability, Disclosure of Information, Unawareness and Noncompliance (LINDDUN) scored 45. These findings underscore the value of fuzzy set theory in tandem with threat modeling to categorize and assess cybersecurity risks in cloud computing. STRIDE is recommended as an effective modeling technique for cloud environments. This comprehensive analysis provides critical insights for organizations and security experts, empowering them to proactively address recurring threats and minimize disruptions to daily operations.

show abstract

Section: Comparative Analysis Of Threat Modeling Techniquessupporting

confidence: 92%

Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques

Awodele,

Ogbonna,

Ogu

et al. 2024

ATAIML

View full text Add to dashboard Cite

show abstract

“…These models can mitigate healthcare information systems (HIS) risks and protect protected health information (PHI). While many papers about Threat Modeling in Healthcare specialize in domains like Mobile Health Systems, Electronic Health Systems [2], Medical Cyber-Physical Systems, and Cloud Computing, very few papers have information about threat taxonomies within the healthcare industry [3]. STRIDE is a well-known threat modeling system that is useful for identifying many kinds of security risks.…”

Section: Existing Workmentioning

confidence: 99%

A Comparative Analysis of Cybersecurity Threat Taxonomies for Healthcare Organizations

Jaikanth,

Madisetti

2024

JSEA

View full text Add to dashboard Cite

Information technology is critical in coordinating patient records, smart devices, operations, and critical infrastructure in healthcare organizations, and their constantly changing digital environment, including suppliers, doctors, insurance providers, and regulatory agencies. This dependence on interdependent systems makes this sector vulnerable to various information technology risks. Such threats include common cybersecurity risks such as data breaches and malware attacks, unique problems occurring in healthcare settings such as unauthorized access to patient records, disruptions in services provided at medical facilities, and potential harm caused to patients due to the compromise of medical devices. The threat taxonomies, such as the Open Threat Taxonomy, NIST, or ENISA, are foundational frameworks for grasping and categorizing IT threats. However, these taxonomies were not specifically designed to deal with the complexities of the healthcare industry. The problem arises from the gap between these taxonomies' general nature and the industry-specific threats and vulnerabilities that affect healthcare organizations. As a result, many healthcare institutions fail to holistically address and eliminate the unique risks related to confidentiality, integrity, and availability of patients' data as well as critical systems used in healthcare. This paper aims to narrow this gap by carefully assessing these taxonomies to determine the framework best suited for addressing the threat environment in the healthcare sector.

show abstract

“…The lock-in effect poses additional hazards that result in cloud users becoming dependent on the services offered by the cloud service provider, so limiting customers' flexibility in their choices [21]. In addition, the adoption of cloud computing has the potential to amplify the risk of data loss and exacerbate system downtime when utilising an inadequate cloud provider [22]. Moreover, cloud adoption could cause compliance problems if the cloud provider violates data protection and healthcare sector requirements [23], [24].…”

Section: ) the Technological Context A Relative Advantagementioning

confidence: 99%

ACC-PH: a Comprehensive Framework for Adopting Cloud Computing in Private Hospitals

Alshahrani,

Beloff,

White

2023

Position Papers of the 18th Conference on Computer Science and Intelligence Systems

View full text Add to dashboard Cite

The healthcare sector is of paramount importance as it provides necessary medical services to sustain human lives. In the private healthcare sector, organisations place equal emphasis on profits as on providing essential medical services. Thus, to offer optimal health aids at low cost, private healthcare organisations try to acquire the best technologies available. Cloud computing offers a solution to cutting business expenses while boosting productivity because it supplies computing services through third parties more cost-effectively. Nonetheless, recent studies have shown that adopting cloud computing services in private healthcare facilities in Saudi Arabia is behind when compared to other sectors. This study presents an optimal data collection and framework validation methodology, combining qualitative and quantitative approaches to examine proposed factors influencing Adopting Cloud Computing in Private Hospitals (ACC-PH) in Saudi Arabia. Accordingly, this research is expected to enhance the implementation of cloud computing in Saudi private hospitals.

show abstract

Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Cited by 13 publications

References 43 publications

Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques

Characterization and Risk Assessment of Cyber Security Threats in Cloud Computing: A Comparative Evaluation of Mitigation Techniques

A Comparative Analysis of Cybersecurity Threat Taxonomies for Healthcare Organizations

ACC-PH: a Comprehensive Framework for Adopting Cloud Computing in Private Hospitals

Contact Info

Product

Resources

About