CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Akinrolabu, Olusola; New, Steve; Martin, Andrew P.

doi:10.3390/computers8030066

Cited by 13 publications

(10 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, ISRA approaches are not static, which is contrary to the pre-supposition of most cloud ISRA approaches. The extent of development in cloud risk assessment models and frameworks (Akinrolabu et al, 2019;Albakri et al, 2014;Djemame et al, 2016;Islam et al, 2017) assume that the process is static and changes to the approach are not recognized, which is contrary to the results of the current paper. An implication for future research is to investigate whether the changes made by practitioners are effective or counter-effective.…”

Section: Implications For Researchcontrasting

confidence: 75%

“…Within ISRM resides the information security risk assessment (ISRA), which is a process that is integral to ISRM and its task is to identify, analyze, categorize and evaluate cloud security risks (Shameli-Sendi et al , 2016). While plenty of ISRA frameworks exist for the cloud (Akinrolabu et al , 2019; Djemame et al , 2016; Islam et al , 2017), extant research has tended to investigate the technical and operational issues (Venters and Whitley, 2012). Moreover, there is a lack of organizational perspective into cloud security issues (Trigueros-Preciado et al , 2013), and previous research has called for more empirical studies that investigate the practice of ISRA in the cloud (Ali et al , 2020).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden

Faizi

Padyab

Naess

2021

ICS

View full text Add to dashboard Cite

Purpose This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden. Design/methodology/approach Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices. Findings The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services. Originality/value As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

show abstract

Section: Implications For Researchcontrasting

confidence: 75%

Section: Introductionmentioning

confidence: 99%

From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden

Faizi

Padyab

Naess

2021

ICS

View full text Add to dashboard Cite

show abstract

“…In [ 47 ], the authors focused on a transformation roadmap for standardizing IoT risk impact assessment (based on functional dependency) and calculating the economic impact of cyber risk (based on a goal oriented approach). Authors in [ 48 ], proposed the CSCCRA (Cloud Supply Chain Cyber Risk Assessment) model, as a quantitative risk assessment model to assess the risk of a SaaS application and its supply chain mapping.…”

Section: Security Risk Management Within E-health Systemsmentioning

confidence: 99%

A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach

2022

View full text Add to dashboard Cite

Internet of Things (IoT) applications are among the major trends of nowadays. Billions of connected devices are creating great business profits and performing a multitude of automated tasks in many daily human activities. In healthcare service delivery, IoT capabilities are difficult to overestimate, they are progressively becoming entangled and commonly coined Internet of Medical Things (IoMT). The participating nodes in IoMT networks generate, collect and exchange huge amounts of extremely private and sensitive data. Numerous security vulnerabilities arise due to the complexity and the heterogeneity of the technology. New risks, born out of IoMT systems, cannot easily be supported by existing risk management frameworks. The existing cyber-security risk assessment methods and approaches, deployed in several organizations, will not address the IoMT inherent risks properly. This study includes a comprehensive review of IoMT systems. Popular risk assessment methods are discussed and their suitability to IoMT is dealt with in detail. Based on this study, we propose a framework to enhance trust and help with decision making in e-healthcare environments given its high-risk exposure. The proposal is based on a quantified risk assessment approach. Our aim is to define a novel approach/model for improving trust and risk management in an e-health context.

show abstract

“…In the IT context, on the one hand, in recent years numerous efforts have been carried out to augment risk assessment approaches that can guarantee cloud security, as reported, for example, by the MEDINA project financed by the European Union [34]. On the other hand, most risk assessment tools in this domain rely on a reactive approach, while only a few of them take into account supply chain risks [35] and the elicitation of software requirements for complex systems [36]. Hence, a "Safety II" approach is needed to explain performance variability in such a context, and FRAM appears to be the proper tool for systemic safety assessment in this complex and dynamic domain [37].…”

Section: Introductionmentioning

confidence: 99%

A Resilience Engineering Approach for the Risk Assessment of IT Services

Fargnoli,

Murgianu

2023

Applied Sciences

View full text Add to dashboard Cite

Nowadays, services related to IT technologies have assumed paramount importance in most sectors, creating complex systems involving different stakeholders. Such systems are subject to unpredictable risks that differ from what is usually expected and cannot be properly managed using traditional risk assessment approaches. Consequently, ensuring their reliability represents a critical task for companies, which need to adopt resilience engineering tools to reduce the occurrence of failures and malfunctions. With this goal in mind, the current study proposes a risk assessment procedure for cloud migration processes that integrates the application of the Functional Resonance Analysis Method (FRAM) with tools aimed at defining specific performance requirements for the suppliers of this service. In particular, the Critical-To-Quality (CTQ) method was used to define the quality drivers of the IT platform customers, while technical standards were applied to define requirements for a security management system, including aspects relevant to the supply chain. Such an approach was verified by means of its application to a real-life case study, which concerns the analysis of the risks inherent to the supply chain related to cloud migration. The results achieved can contribute to augmenting knowledge in the field of IT systems’ risk assessment, providing a base for further research.

show abstract

CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers

Cited by 13 publications

References 38 publications

From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden

From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden

A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach

A Resilience Engineering Approach for the Risk Assessment of IT Services

Contact Info

Product

Resources

About